cobaltstrike | 638d97256ac392f8890f90614bbb5d8bc1214f20afcb1dda34190b2d26887b9f

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 01:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
Size

6.0MB
MD5

31cadf650f28b43b4216e0f88609dc42
SHA1

bbf614331624737d0991aa820c4fd9eda906604e
SHA256

638d97256ac392f8890f90614bbb5d8bc1214f20afcb1dda34190b2d26887b9f
SHA512

25d27476ad4ec2d6063797173fa9ead4a02b091277617d0894ed395212a05b8e8d553adc561aea8196ac80c8a8a740bd5fc72eb7370be43bed183e803314f37a
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUx:eOl56utgpPF8u/7x

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 37 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\jzCWpga.exe	cobalt_reflective_dll
C:\Windows\system\RzdoaJI.exe	cobalt_reflective_dll
C:\Windows\system\lupQsct.exe	cobalt_reflective_dll
C:\Windows\system\VnzdUJK.exe	cobalt_reflective_dll
C:\Windows\system\UBfVHuk.exe	cobalt_reflective_dll
\Windows\system\GBmYmPf.exe	cobalt_reflective_dll
C:\Windows\system\mvIJbYM.exe	cobalt_reflective_dll
\Windows\system\rubeAQN.exe	cobalt_reflective_dll
\Windows\system\tDEzGmk.exe	cobalt_reflective_dll
C:\Windows\system\CgOGUhx.exe	cobalt_reflective_dll
C:\Windows\system\fMHgjDc.exe	cobalt_reflective_dll
C:\Windows\system\wXUiKoX.exe	cobalt_reflective_dll
\Windows\system\VUzdySA.exe	cobalt_reflective_dll
\Windows\system\nFwxHPw.exe	cobalt_reflective_dll
\Windows\system\xPqhuwZ.exe	cobalt_reflective_dll
\Windows\system\INSPioK.exe	cobalt_reflective_dll
\Windows\system\AJMmDDe.exe	cobalt_reflective_dll
\Windows\system\dcSZclH.exe	cobalt_reflective_dll
\Windows\system\tTLwdCn.exe	cobalt_reflective_dll
\Windows\system\NIDGkaO.exe	cobalt_reflective_dll
\Windows\system\kRRySnm.exe	cobalt_reflective_dll
C:\Windows\system\VeWNsfC.exe	cobalt_reflective_dll
\Windows\system\wjxkQuf.exe	cobalt_reflective_dll
\Windows\system\tEfmGVt.exe	cobalt_reflective_dll
C:\Windows\system\BRQfsZU.exe	cobalt_reflective_dll
C:\Windows\system\MgNMZQY.exe	cobalt_reflective_dll
C:\Windows\system\IzRflIP.exe	cobalt_reflective_dll
C:\Windows\system\AxjZWzn.exe	cobalt_reflective_dll
C:\Windows\system\TFIMGqj.exe	cobalt_reflective_dll
C:\Windows\system\jZtCFmx.exe	cobalt_reflective_dll
C:\Windows\system\bSaLhvi.exe	cobalt_reflective_dll
C:\Windows\system\wZmXJLd.exe	cobalt_reflective_dll
C:\Windows\system\qHPaszy.exe	cobalt_reflective_dll
C:\Windows\system\NLInwRz.exe	cobalt_reflective_dll
C:\Windows\system\kixyDSz.exe	cobalt_reflective_dll
C:\Windows\system\eKHPFpA.exe	cobalt_reflective_dll
C:\Windows\system\JNuTLyu.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects Reflective DLL injection artifacts 37 IoCs

Processes:

resource	yara_rule
\Windows\system\jzCWpga.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\RzdoaJI.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\lupQsct.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\VnzdUJK.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\UBfVHuk.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\GBmYmPf.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\mvIJbYM.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\rubeAQN.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\tDEzGmk.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\CgOGUhx.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\fMHgjDc.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\wXUiKoX.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\VUzdySA.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\nFwxHPw.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\xPqhuwZ.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\INSPioK.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\AJMmDDe.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\dcSZclH.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\tTLwdCn.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\NIDGkaO.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\kRRySnm.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\VeWNsfC.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\wjxkQuf.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
\Windows\system\tEfmGVt.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\BRQfsZU.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\MgNMZQY.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\IzRflIP.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\AxjZWzn.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\TFIMGqj.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\jZtCFmx.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\bSaLhvi.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\wZmXJLd.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\qHPaszy.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\NLInwRz.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\kixyDSz.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\eKHPFpA.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader
C:\Windows\system\JNuTLyu.exe	INDICATOR_SUSPICIOUS_ReflectiveLoader

UPX dump on OEP (original entry point) 64 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1924-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	UPX
\Windows\system\jzCWpga.exe	UPX
C:\Windows\system\RzdoaJI.exe	UPX
C:\Windows\system\lupQsct.exe	UPX
behavioral1/memory/3004-20-0x000000013FA40000-0x000000013FD94000-memory.dmp	UPX
C:\Windows\system\VnzdUJK.exe	UPX
C:\Windows\system\UBfVHuk.exe	UPX
\Windows\system\GBmYmPf.exe	UPX
C:\Windows\system\mvIJbYM.exe	UPX
\Windows\system\rubeAQN.exe	UPX
\Windows\system\tDEzGmk.exe	UPX
C:\Windows\system\CgOGUhx.exe	UPX
C:\Windows\system\fMHgjDc.exe	UPX
behavioral1/memory/1924-2430-0x000000013F560000-0x000000013F8B4000-memory.dmp	UPX
C:\Windows\system\wXUiKoX.exe	UPX
\Windows\system\VUzdySA.exe	UPX
\Windows\system\nFwxHPw.exe	UPX
\Windows\system\xPqhuwZ.exe	UPX
\Windows\system\INSPioK.exe	UPX
\Windows\system\AJMmDDe.exe	UPX
\Windows\system\dcSZclH.exe	UPX
\Windows\system\tTLwdCn.exe	UPX
\Windows\system\NIDGkaO.exe	UPX
\Windows\system\kRRySnm.exe	UPX
C:\Windows\system\VeWNsfC.exe	UPX
\Windows\system\wjxkQuf.exe	UPX
\Windows\system\tEfmGVt.exe	UPX
C:\Windows\system\BRQfsZU.exe	UPX
C:\Windows\system\MgNMZQY.exe	UPX
C:\Windows\system\IzRflIP.exe	UPX
C:\Windows\system\AxjZWzn.exe	UPX
C:\Windows\system\TFIMGqj.exe	UPX
C:\Windows\system\jZtCFmx.exe	UPX
behavioral1/memory/1876-95-0x000000013F8D0000-0x000000013FC24000-memory.dmp	UPX
behavioral1/memory/2676-93-0x000000013F300000-0x000000013F654000-memory.dmp	UPX
behavioral1/memory/2492-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	UPX
behavioral1/memory/2412-89-0x000000013FC30000-0x000000013FF84000-memory.dmp	UPX
behavioral1/memory/2340-87-0x000000013F180000-0x000000013F4D4000-memory.dmp	UPX
behavioral1/memory/2700-86-0x000000013FC80000-0x000000013FFD4000-memory.dmp	UPX
behavioral1/memory/2576-85-0x000000013F510000-0x000000013F864000-memory.dmp	UPX
C:\Windows\system\bSaLhvi.exe	UPX
C:\Windows\system\wZmXJLd.exe	UPX
behavioral1/memory/2612-109-0x000000013F0E0000-0x000000013F434000-memory.dmp	UPX
behavioral1/memory/2424-83-0x000000013FEA0000-0x00000001401F4000-memory.dmp	UPX
C:\Windows\system\qHPaszy.exe	UPX
behavioral1/memory/2100-81-0x000000013FC50000-0x000000013FFA4000-memory.dmp	UPX
behavioral1/memory/2616-107-0x000000013F220000-0x000000013F574000-memory.dmp	UPX
C:\Windows\system\NLInwRz.exe	UPX
C:\Windows\system\kixyDSz.exe	UPX
behavioral1/memory/1236-44-0x000000013FA70000-0x000000013FDC4000-memory.dmp	UPX
C:\Windows\system\eKHPFpA.exe	UPX
behavioral1/memory/1936-26-0x000000013F140000-0x000000013F494000-memory.dmp	UPX
C:\Windows\system\JNuTLyu.exe	UPX
behavioral1/memory/2700-3688-0x000000013FC80000-0x000000013FFD4000-memory.dmp	UPX
behavioral1/memory/2576-3684-0x000000013F510000-0x000000013F864000-memory.dmp	UPX
behavioral1/memory/2100-3673-0x000000013FC50000-0x000000013FFA4000-memory.dmp	UPX
behavioral1/memory/2492-3698-0x000000013FBD0000-0x000000013FF24000-memory.dmp	UPX
behavioral1/memory/2424-3713-0x000000013FEA0000-0x00000001401F4000-memory.dmp	UPX
behavioral1/memory/2412-3729-0x000000013FC30000-0x000000013FF84000-memory.dmp	UPX
behavioral1/memory/2676-3728-0x000000013F300000-0x000000013F654000-memory.dmp	UPX
behavioral1/memory/1876-3737-0x000000013F8D0000-0x000000013FC24000-memory.dmp	UPX
behavioral1/memory/1936-3767-0x000000013F140000-0x000000013F494000-memory.dmp	UPX
behavioral1/memory/3004-3770-0x000000013FA40000-0x000000013FD94000-memory.dmp	UPX
behavioral1/memory/2612-3693-0x000000013F0E0000-0x000000013F434000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1924-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
\Windows\system\jzCWpga.exe	xmrig
C:\Windows\system\RzdoaJI.exe	xmrig
C:\Windows\system\lupQsct.exe	xmrig
behavioral1/memory/3004-20-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
C:\Windows\system\VnzdUJK.exe	xmrig
C:\Windows\system\UBfVHuk.exe	xmrig
\Windows\system\GBmYmPf.exe	xmrig
C:\Windows\system\mvIJbYM.exe	xmrig
\Windows\system\rubeAQN.exe	xmrig
\Windows\system\tDEzGmk.exe	xmrig
C:\Windows\system\CgOGUhx.exe	xmrig
C:\Windows\system\fMHgjDc.exe	xmrig
behavioral1/memory/1924-82-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/1924-2430-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
C:\Windows\system\wXUiKoX.exe	xmrig
\Windows\system\VUzdySA.exe	xmrig
\Windows\system\nFwxHPw.exe	xmrig
\Windows\system\xPqhuwZ.exe	xmrig
\Windows\system\INSPioK.exe	xmrig
\Windows\system\AJMmDDe.exe	xmrig
\Windows\system\dcSZclH.exe	xmrig
\Windows\system\tTLwdCn.exe	xmrig
\Windows\system\NIDGkaO.exe	xmrig
\Windows\system\kRRySnm.exe	xmrig
C:\Windows\system\VeWNsfC.exe	xmrig
\Windows\system\wjxkQuf.exe	xmrig
\Windows\system\tEfmGVt.exe	xmrig
C:\Windows\system\BRQfsZU.exe	xmrig
C:\Windows\system\MgNMZQY.exe	xmrig
C:\Windows\system\IzRflIP.exe	xmrig
C:\Windows\system\AxjZWzn.exe	xmrig
C:\Windows\system\TFIMGqj.exe	xmrig
C:\Windows\system\jZtCFmx.exe	xmrig
behavioral1/memory/1876-95-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/1924-94-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2676-93-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2492-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2412-89-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2340-87-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2700-86-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2576-85-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
C:\Windows\system\bSaLhvi.exe	xmrig
C:\Windows\system\wZmXJLd.exe	xmrig
behavioral1/memory/2612-109-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2424-83-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
C:\Windows\system\qHPaszy.exe	xmrig
behavioral1/memory/2100-81-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2616-107-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
C:\Windows\system\NLInwRz.exe	xmrig
C:\Windows\system\kixyDSz.exe	xmrig
behavioral1/memory/1236-44-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
C:\Windows\system\eKHPFpA.exe	xmrig
behavioral1/memory/1924-49-0x0000000002310000-0x0000000002664000-memory.dmp	xmrig
behavioral1/memory/1936-26-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
C:\Windows\system\JNuTLyu.exe	xmrig
behavioral1/memory/2700-3688-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2576-3684-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2100-3673-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2492-3698-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2424-3713-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2412-3729-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2676-3728-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/1876-3737-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

jzCWpga.exeRzdoaJI.exeJNuTLyu.exelupQsct.exeVnzdUJK.exemvIJbYM.exeUBfVHuk.exeGBmYmPf.exeeKHPFpA.exetDEzGmk.exerubeAQN.exeCgOGUhx.exekixyDSz.exefMHgjDc.exeNLInwRz.exewXUiKoX.exekRRySnm.exeqHPaszy.exeVeWNsfC.exewZmXJLd.exebSaLhvi.exejZtCFmx.exeTFIMGqj.exeAxjZWzn.exeIzRflIP.exeMgNMZQY.exeBRQfsZU.exetEfmGVt.exeofuwsHi.exeQEZwhnp.exeydQlBgc.exewoWuQDM.exewjxkQuf.exeNIDGkaO.exetTLwdCn.exeMnrMGuN.exeJScgStp.exefwZMqLq.exeFyrVYqb.exexlZTMxW.exeSaBZxLq.exeCGycbJg.exeTfnyILq.exedcSZclH.exeAJMmDDe.exeINSPioK.exexPqhuwZ.exeTwerXBN.exeJkTHWOL.exeVOCGvnC.exenFwxHPw.exeVUzdySA.exeZpDGDDk.exefDHkYZD.exeYhkqWHW.exeYcpXVUu.exeZczEgvg.exeemTPlMm.exeQcvSGnh.exeNUpDrCl.exeIteZRcF.exeqlerIPh.exezfCqTxk.exeYvAEhib.exe

pid	process
1936	jzCWpga.exe
1236	RzdoaJI.exe
3004	JNuTLyu.exe
2616	lupQsct.exe
2612	VnzdUJK.exe
2100	mvIJbYM.exe
2424	UBfVHuk.exe
2576	GBmYmPf.exe
2700	eKHPFpA.exe
2340	tDEzGmk.exe
2412	rubeAQN.exe
2492	CgOGUhx.exe
2676	kixyDSz.exe
1876	fMHgjDc.exe
2208	NLInwRz.exe
1860	wXUiKoX.exe
2308	kRRySnm.exe
1052	qHPaszy.exe
2004	VeWNsfC.exe
1604	wZmXJLd.exe
1796	bSaLhvi.exe
2288	jZtCFmx.exe
776	TFIMGqj.exe
1700	AxjZWzn.exe
1920	IzRflIP.exe
1308	MgNMZQY.exe
2972	BRQfsZU.exe
1972	tEfmGVt.exe
1580	ofuwsHi.exe
844	QEZwhnp.exe
1540	ydQlBgc.exe
2216	woWuQDM.exe
1952	wjxkQuf.exe
868	NIDGkaO.exe
3052	tTLwdCn.exe
2044	MnrMGuN.exe
900	JScgStp.exe
692	fwZMqLq.exe
2088	FyrVYqb.exe
1516	xlZTMxW.exe
2356	SaBZxLq.exe
748	CGycbJg.exe
1704	TfnyILq.exe
2148	dcSZclH.exe
2296	AJMmDDe.exe
2788	INSPioK.exe
2076	xPqhuwZ.exe
2080	TwerXBN.exe
2544	JkTHWOL.exe
2020	VOCGvnC.exe
1488	nFwxHPw.exe
2376	VUzdySA.exe
2416	ZpDGDDk.exe
1868	fDHkYZD.exe
2888	YhkqWHW.exe
2604	YcpXVUu.exe
448	ZczEgvg.exe
2112	emTPlMm.exe
1184	QcvSGnh.exe
1576	NUpDrCl.exe
2800	IteZRcF.exe
2948	qlerIPh.exe
696	zfCqTxk.exe
2956	YvAEhib.exe

Loads dropped DLL 64 IoCs

Processes:

2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe

pid	process
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1924-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
\Windows\system\jzCWpga.exe	upx
C:\Windows\system\RzdoaJI.exe	upx
C:\Windows\system\lupQsct.exe	upx
behavioral1/memory/3004-20-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
C:\Windows\system\VnzdUJK.exe	upx
C:\Windows\system\UBfVHuk.exe	upx
\Windows\system\GBmYmPf.exe	upx
C:\Windows\system\mvIJbYM.exe	upx
\Windows\system\rubeAQN.exe	upx
\Windows\system\tDEzGmk.exe	upx
C:\Windows\system\CgOGUhx.exe	upx
C:\Windows\system\fMHgjDc.exe	upx
behavioral1/memory/1924-2430-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
C:\Windows\system\wXUiKoX.exe	upx
\Windows\system\VUzdySA.exe	upx
\Windows\system\nFwxHPw.exe	upx
\Windows\system\xPqhuwZ.exe	upx
\Windows\system\INSPioK.exe	upx
\Windows\system\AJMmDDe.exe	upx
\Windows\system\dcSZclH.exe	upx
\Windows\system\tTLwdCn.exe	upx
\Windows\system\NIDGkaO.exe	upx
\Windows\system\kRRySnm.exe	upx
C:\Windows\system\VeWNsfC.exe	upx
\Windows\system\wjxkQuf.exe	upx
\Windows\system\tEfmGVt.exe	upx
C:\Windows\system\BRQfsZU.exe	upx
C:\Windows\system\MgNMZQY.exe	upx
C:\Windows\system\IzRflIP.exe	upx
C:\Windows\system\AxjZWzn.exe	upx
C:\Windows\system\TFIMGqj.exe	upx
C:\Windows\system\jZtCFmx.exe	upx
behavioral1/memory/1876-95-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2676-93-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2492-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2412-89-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2340-87-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2700-86-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2576-85-0x000000013F510000-0x000000013F864000-memory.dmp	upx
C:\Windows\system\bSaLhvi.exe	upx
C:\Windows\system\wZmXJLd.exe	upx
behavioral1/memory/2612-109-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2424-83-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
C:\Windows\system\qHPaszy.exe	upx
behavioral1/memory/2100-81-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2616-107-0x000000013F220000-0x000000013F574000-memory.dmp	upx
C:\Windows\system\NLInwRz.exe	upx
C:\Windows\system\kixyDSz.exe	upx
behavioral1/memory/1236-44-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
C:\Windows\system\eKHPFpA.exe	upx
behavioral1/memory/1936-26-0x000000013F140000-0x000000013F494000-memory.dmp	upx
C:\Windows\system\JNuTLyu.exe	upx
behavioral1/memory/2700-3688-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2576-3684-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2100-3673-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2492-3698-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2424-3713-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2412-3729-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2676-3728-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/1876-3737-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/1936-3767-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/3004-3770-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2612-3693-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe

description	ioc	process
File created	C:\Windows\System\HyXoWNT.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\pfecZzI.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\HZZvmcM.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\MEsGUsF.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\rSKNUQL.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\aBZNivL.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\EDpVKtn.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\EtcoNEQ.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\BRQfsZU.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\DQASEcB.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\CIGRdCo.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\tDEzGmk.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\aicBzsj.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\xUdOFXJ.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\uanWvIt.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\PTchLFl.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\NmoAOwE.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\OANHvWE.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ERVaOyl.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\EAKSpeS.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\GqMpJQa.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\foxsLpW.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\vnRlwsq.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\kGYmcjS.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\rUPmPNk.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\GcCvbea.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\MMtExIm.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\iHstmjX.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\QVGGNrP.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\QbBTzQc.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\FMzFDBP.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\rglWpGY.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\KyReijj.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\oWsbYmT.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\BUJOYtr.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\OGriYRh.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\lTANeBh.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\EdLkpMq.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\iTrEGxn.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\FwklQpG.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\CasgDvD.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\GPuDfyz.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\vjosgsH.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\tFPoXNw.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\JrtlRre.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\rtoElZW.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\pluIWrF.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\mqDhwjr.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\qFeczps.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ZfMuheT.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\WHXyrQA.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\OeeqizJ.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ifqsjhM.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\zuSKsQL.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\thGvWVQ.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\SRqChBJ.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\xVslKjl.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\VyqyRGm.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\DsIfUGp.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\luKRUiq.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\fwQhGsp.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\PTqTEIy.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\euSbdFN.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\kwkIZiw.exe	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe

description	pid	process	target process
PID 1924 wrote to memory of 1936	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	jzCWpga.exe
PID 1924 wrote to memory of 1936	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	jzCWpga.exe
PID 1924 wrote to memory of 1936	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	jzCWpga.exe
PID 1924 wrote to memory of 1236	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	RzdoaJI.exe
PID 1924 wrote to memory of 1236	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	RzdoaJI.exe
PID 1924 wrote to memory of 1236	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	RzdoaJI.exe
PID 1924 wrote to memory of 3004	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	JNuTLyu.exe
PID 1924 wrote to memory of 3004	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	JNuTLyu.exe
PID 1924 wrote to memory of 3004	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	JNuTLyu.exe
PID 1924 wrote to memory of 2616	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	lupQsct.exe
PID 1924 wrote to memory of 2616	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	lupQsct.exe
PID 1924 wrote to memory of 2616	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	lupQsct.exe
PID 1924 wrote to memory of 2612	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	VnzdUJK.exe
PID 1924 wrote to memory of 2612	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	VnzdUJK.exe
PID 1924 wrote to memory of 2612	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	VnzdUJK.exe
PID 1924 wrote to memory of 2100	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	mvIJbYM.exe
PID 1924 wrote to memory of 2100	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	mvIJbYM.exe
PID 1924 wrote to memory of 2100	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	mvIJbYM.exe
PID 1924 wrote to memory of 2424	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	UBfVHuk.exe
PID 1924 wrote to memory of 2424	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	UBfVHuk.exe
PID 1924 wrote to memory of 2424	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	UBfVHuk.exe
PID 1924 wrote to memory of 2576	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	GBmYmPf.exe
PID 1924 wrote to memory of 2576	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	GBmYmPf.exe
PID 1924 wrote to memory of 2576	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	GBmYmPf.exe
PID 1924 wrote to memory of 2700	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	eKHPFpA.exe
PID 1924 wrote to memory of 2700	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	eKHPFpA.exe
PID 1924 wrote to memory of 2700	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	eKHPFpA.exe
PID 1924 wrote to memory of 2340	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	tDEzGmk.exe
PID 1924 wrote to memory of 2340	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	tDEzGmk.exe
PID 1924 wrote to memory of 2340	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	tDEzGmk.exe
PID 1924 wrote to memory of 2412	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	rubeAQN.exe
PID 1924 wrote to memory of 2412	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	rubeAQN.exe
PID 1924 wrote to memory of 2412	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	rubeAQN.exe
PID 1924 wrote to memory of 2492	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	CgOGUhx.exe
PID 1924 wrote to memory of 2492	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	CgOGUhx.exe
PID 1924 wrote to memory of 2492	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	CgOGUhx.exe
PID 1924 wrote to memory of 2676	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	kixyDSz.exe
PID 1924 wrote to memory of 2676	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	kixyDSz.exe
PID 1924 wrote to memory of 2676	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	kixyDSz.exe
PID 1924 wrote to memory of 1876	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	fMHgjDc.exe
PID 1924 wrote to memory of 1876	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	fMHgjDc.exe
PID 1924 wrote to memory of 1876	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	fMHgjDc.exe
PID 1924 wrote to memory of 2208	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	NLInwRz.exe
PID 1924 wrote to memory of 2208	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	NLInwRz.exe
PID 1924 wrote to memory of 2208	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	NLInwRz.exe
PID 1924 wrote to memory of 2308	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	kRRySnm.exe
PID 1924 wrote to memory of 2308	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	kRRySnm.exe
PID 1924 wrote to memory of 2308	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	kRRySnm.exe
PID 1924 wrote to memory of 1860	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	wXUiKoX.exe
PID 1924 wrote to memory of 1860	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	wXUiKoX.exe
PID 1924 wrote to memory of 1860	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	wXUiKoX.exe
PID 1924 wrote to memory of 2004	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	VeWNsfC.exe
PID 1924 wrote to memory of 2004	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	VeWNsfC.exe
PID 1924 wrote to memory of 2004	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	VeWNsfC.exe
PID 1924 wrote to memory of 1052	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	qHPaszy.exe
PID 1924 wrote to memory of 1052	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	qHPaszy.exe
PID 1924 wrote to memory of 1052	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	qHPaszy.exe
PID 1924 wrote to memory of 1952	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	wjxkQuf.exe
PID 1924 wrote to memory of 1952	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	wjxkQuf.exe
PID 1924 wrote to memory of 1952	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	wjxkQuf.exe
PID 1924 wrote to memory of 1604	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	wZmXJLd.exe
PID 1924 wrote to memory of 1604	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	wZmXJLd.exe
PID 1924 wrote to memory of 1604	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	wZmXJLd.exe
PID 1924 wrote to memory of 868	1924	2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe	NIDGkaO.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-20_31cadf650f28b43b4216e0f88609dc42_cobalt-strike_cobaltstrike.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1924

C:\Windows\System\jzCWpga.exe
C:\Windows\System\jzCWpga.exe
2⤵
- Executes dropped EXE
PID:1936

C:\Windows\System\RzdoaJI.exe
C:\Windows\System\RzdoaJI.exe
2⤵
- Executes dropped EXE
PID:1236

C:\Windows\System\JNuTLyu.exe
C:\Windows\System\JNuTLyu.exe
2⤵
- Executes dropped EXE
PID:3004

C:\Windows\System\lupQsct.exe
C:\Windows\System\lupQsct.exe
2⤵
- Executes dropped EXE
PID:2616

C:\Windows\System\VnzdUJK.exe
C:\Windows\System\VnzdUJK.exe
2⤵
- Executes dropped EXE
PID:2612

C:\Windows\System\mvIJbYM.exe
C:\Windows\System\mvIJbYM.exe
2⤵
- Executes dropped EXE
PID:2100

C:\Windows\System\UBfVHuk.exe
C:\Windows\System\UBfVHuk.exe
2⤵
- Executes dropped EXE
PID:2424

C:\Windows\System\GBmYmPf.exe
C:\Windows\System\GBmYmPf.exe
2⤵
- Executes dropped EXE
PID:2576

C:\Windows\System\eKHPFpA.exe
C:\Windows\System\eKHPFpA.exe
2⤵
- Executes dropped EXE
PID:2700

C:\Windows\System\tDEzGmk.exe
C:\Windows\System\tDEzGmk.exe
2⤵
- Executes dropped EXE
PID:2340

C:\Windows\System\rubeAQN.exe
C:\Windows\System\rubeAQN.exe
2⤵
- Executes dropped EXE
PID:2412

C:\Windows\System\CgOGUhx.exe
C:\Windows\System\CgOGUhx.exe
2⤵
- Executes dropped EXE
PID:2492

C:\Windows\System\kixyDSz.exe
C:\Windows\System\kixyDSz.exe
2⤵
- Executes dropped EXE
PID:2676

C:\Windows\System\fMHgjDc.exe
C:\Windows\System\fMHgjDc.exe
2⤵
- Executes dropped EXE
PID:1876

C:\Windows\System\NLInwRz.exe
C:\Windows\System\NLInwRz.exe
2⤵
- Executes dropped EXE
PID:2208

C:\Windows\System\kRRySnm.exe
C:\Windows\System\kRRySnm.exe
2⤵
- Executes dropped EXE
PID:2308

C:\Windows\System\wXUiKoX.exe
C:\Windows\System\wXUiKoX.exe
2⤵
- Executes dropped EXE
PID:1860

C:\Windows\System\VeWNsfC.exe
C:\Windows\System\VeWNsfC.exe
2⤵
- Executes dropped EXE
PID:2004

C:\Windows\System\qHPaszy.exe
C:\Windows\System\qHPaszy.exe
2⤵
- Executes dropped EXE
PID:1052

C:\Windows\System\wjxkQuf.exe
C:\Windows\System\wjxkQuf.exe
2⤵
- Executes dropped EXE
PID:1952

C:\Windows\System\wZmXJLd.exe
C:\Windows\System\wZmXJLd.exe
2⤵
- Executes dropped EXE
PID:1604

C:\Windows\System\NIDGkaO.exe
C:\Windows\System\NIDGkaO.exe
2⤵
- Executes dropped EXE
PID:868

C:\Windows\System\bSaLhvi.exe
C:\Windows\System\bSaLhvi.exe
2⤵
- Executes dropped EXE
PID:1796

C:\Windows\System\tTLwdCn.exe
C:\Windows\System\tTLwdCn.exe
2⤵
- Executes dropped EXE
PID:3052

C:\Windows\System\jZtCFmx.exe
C:\Windows\System\jZtCFmx.exe
2⤵
- Executes dropped EXE
PID:2288

C:\Windows\System\dcSZclH.exe
C:\Windows\System\dcSZclH.exe
2⤵
- Executes dropped EXE
PID:2148

C:\Windows\System\TFIMGqj.exe
C:\Windows\System\TFIMGqj.exe
2⤵
- Executes dropped EXE
PID:776

C:\Windows\System\AJMmDDe.exe
C:\Windows\System\AJMmDDe.exe
2⤵
- Executes dropped EXE
PID:2296

C:\Windows\System\AxjZWzn.exe
C:\Windows\System\AxjZWzn.exe
2⤵
- Executes dropped EXE
PID:1700

C:\Windows\System\INSPioK.exe
C:\Windows\System\INSPioK.exe
2⤵
- Executes dropped EXE
PID:2788

C:\Windows\System\IzRflIP.exe
C:\Windows\System\IzRflIP.exe
2⤵
- Executes dropped EXE
PID:1920

C:\Windows\System\xPqhuwZ.exe
C:\Windows\System\xPqhuwZ.exe
2⤵
- Executes dropped EXE
PID:2076

C:\Windows\System\MgNMZQY.exe
C:\Windows\System\MgNMZQY.exe
2⤵
- Executes dropped EXE
PID:1308

C:\Windows\System\nFwxHPw.exe
C:\Windows\System\nFwxHPw.exe
2⤵
- Executes dropped EXE
PID:1488

C:\Windows\System\BRQfsZU.exe
C:\Windows\System\BRQfsZU.exe
2⤵
- Executes dropped EXE
PID:2972

C:\Windows\System\VUzdySA.exe
C:\Windows\System\VUzdySA.exe
2⤵
- Executes dropped EXE
PID:2376

C:\Windows\System\tEfmGVt.exe
C:\Windows\System\tEfmGVt.exe
2⤵
- Executes dropped EXE
PID:1972

C:\Windows\System\ZczEgvg.exe
C:\Windows\System\ZczEgvg.exe
2⤵
- Executes dropped EXE
PID:448

C:\Windows\System\ofuwsHi.exe
C:\Windows\System\ofuwsHi.exe
2⤵
- Executes dropped EXE
PID:1580

C:\Windows\System\emTPlMm.exe
C:\Windows\System\emTPlMm.exe
2⤵
- Executes dropped EXE
PID:2112

C:\Windows\System\QEZwhnp.exe
C:\Windows\System\QEZwhnp.exe
2⤵
- Executes dropped EXE
PID:844

C:\Windows\System\zfCqTxk.exe
C:\Windows\System\zfCqTxk.exe
2⤵
- Executes dropped EXE
PID:696

C:\Windows\System\ydQlBgc.exe
C:\Windows\System\ydQlBgc.exe
2⤵
- Executes dropped EXE
PID:1540

C:\Windows\System\YvAEhib.exe
C:\Windows\System\YvAEhib.exe
2⤵
- Executes dropped EXE
PID:2956

C:\Windows\System\woWuQDM.exe
C:\Windows\System\woWuQDM.exe
2⤵
- Executes dropped EXE
PID:2216

C:\Windows\System\YhLklbn.exe
C:\Windows\System\YhLklbn.exe
2⤵
PID:1340

C:\Windows\System\MnrMGuN.exe
C:\Windows\System\MnrMGuN.exe
2⤵
- Executes dropped EXE
PID:2044

C:\Windows\System\XWPepPk.exe
C:\Windows\System\XWPepPk.exe
2⤵
PID:1240

C:\Windows\System\JScgStp.exe
C:\Windows\System\JScgStp.exe
2⤵
- Executes dropped EXE
PID:900

C:\Windows\System\DYVIuMI.exe
C:\Windows\System\DYVIuMI.exe
2⤵
PID:940

C:\Windows\System\fwZMqLq.exe
C:\Windows\System\fwZMqLq.exe
2⤵
- Executes dropped EXE
PID:692

C:\Windows\System\ybtVTVq.exe
C:\Windows\System\ybtVTVq.exe
2⤵
PID:2812

C:\Windows\System\FyrVYqb.exe
C:\Windows\System\FyrVYqb.exe
2⤵
- Executes dropped EXE
PID:2088

C:\Windows\System\TqnpKtt.exe
C:\Windows\System\TqnpKtt.exe
2⤵
PID:1684

C:\Windows\System\xlZTMxW.exe
C:\Windows\System\xlZTMxW.exe
2⤵
- Executes dropped EXE
PID:1516

C:\Windows\System\ZQjscid.exe
C:\Windows\System\ZQjscid.exe
2⤵
PID:2992

C:\Windows\System\SaBZxLq.exe
C:\Windows\System\SaBZxLq.exe
2⤵
- Executes dropped EXE
PID:2356

C:\Windows\System\XffXqzB.exe
C:\Windows\System\XffXqzB.exe
2⤵
PID:888

C:\Windows\System\CGycbJg.exe
C:\Windows\System\CGycbJg.exe
2⤵
- Executes dropped EXE
PID:748

C:\Windows\System\RDcalGJ.exe
C:\Windows\System\RDcalGJ.exe
2⤵
PID:1616

C:\Windows\System\TfnyILq.exe
C:\Windows\System\TfnyILq.exe
2⤵
- Executes dropped EXE
PID:1704

C:\Windows\System\czhYbsU.exe
C:\Windows\System\czhYbsU.exe
2⤵
PID:1596

C:\Windows\System\TwerXBN.exe
C:\Windows\System\TwerXBN.exe
2⤵
- Executes dropped EXE
PID:2080

C:\Windows\System\OEJiCym.exe
C:\Windows\System\OEJiCym.exe
2⤵
PID:2652

C:\Windows\System\JkTHWOL.exe
C:\Windows\System\JkTHWOL.exe
2⤵
- Executes dropped EXE
PID:2544

C:\Windows\System\bZYCSdV.exe
C:\Windows\System\bZYCSdV.exe
2⤵
PID:2680

C:\Windows\System\VOCGvnC.exe
C:\Windows\System\VOCGvnC.exe
2⤵
- Executes dropped EXE
PID:2020

C:\Windows\System\GFFmVOi.exe
C:\Windows\System\GFFmVOi.exe
2⤵
PID:2468

C:\Windows\System\ZpDGDDk.exe
C:\Windows\System\ZpDGDDk.exe
2⤵
- Executes dropped EXE
PID:2416

C:\Windows\System\MMOHCeM.exe
C:\Windows\System\MMOHCeM.exe
2⤵
PID:2916

C:\Windows\System\fDHkYZD.exe
C:\Windows\System\fDHkYZD.exe
2⤵
- Executes dropped EXE
PID:1868

C:\Windows\System\MDWrLeN.exe
C:\Windows\System\MDWrLeN.exe
2⤵
PID:1640

C:\Windows\System\YhkqWHW.exe
C:\Windows\System\YhkqWHW.exe
2⤵
- Executes dropped EXE
PID:2888

C:\Windows\System\naVdaip.exe
C:\Windows\System\naVdaip.exe
2⤵
PID:1948

C:\Windows\System\YcpXVUu.exe
C:\Windows\System\YcpXVUu.exe
2⤵
- Executes dropped EXE
PID:2604

C:\Windows\System\NEyqOPB.exe
C:\Windows\System\NEyqOPB.exe
2⤵
PID:1712

C:\Windows\System\QcvSGnh.exe
C:\Windows\System\QcvSGnh.exe
2⤵
- Executes dropped EXE
PID:1184

C:\Windows\System\PCfztxI.exe
C:\Windows\System\PCfztxI.exe
2⤵
PID:1776

C:\Windows\System\NUpDrCl.exe
C:\Windows\System\NUpDrCl.exe
2⤵
- Executes dropped EXE
PID:1576

C:\Windows\System\xSKzKDT.exe
C:\Windows\System\xSKzKDT.exe
2⤵
PID:2280

C:\Windows\System\IteZRcF.exe
C:\Windows\System\IteZRcF.exe
2⤵
- Executes dropped EXE
PID:2800

C:\Windows\System\MajkvQN.exe
C:\Windows\System\MajkvQN.exe
2⤵
PID:1968

C:\Windows\System\qlerIPh.exe
C:\Windows\System\qlerIPh.exe
2⤵
- Executes dropped EXE
PID:2948

C:\Windows\System\JIbqdAn.exe
C:\Windows\System\JIbqdAn.exe
2⤵
PID:1792

C:\Windows\System\whiYtWT.exe
C:\Windows\System\whiYtWT.exe
2⤵
PID:984

C:\Windows\System\YttqeqD.exe
C:\Windows\System\YttqeqD.exe
2⤵
PID:2352

C:\Windows\System\xZgJsBX.exe
C:\Windows\System\xZgJsBX.exe
2⤵
PID:324

C:\Windows\System\NLkPsRD.exe
C:\Windows\System\NLkPsRD.exe
2⤵
PID:2968

C:\Windows\System\EdLkpMq.exe
C:\Windows\System\EdLkpMq.exe
2⤵
PID:1080

C:\Windows\System\lCIEHrK.exe
C:\Windows\System\lCIEHrK.exe
2⤵
PID:1984

C:\Windows\System\vCokWpu.exe
C:\Windows\System\vCokWpu.exe
2⤵
PID:884

C:\Windows\System\YWepQYF.exe
C:\Windows\System\YWepQYF.exe
2⤵
PID:2640

C:\Windows\System\OJelBJj.exe
C:\Windows\System\OJelBJj.exe
2⤵
PID:2548

C:\Windows\System\PTchLFl.exe
C:\Windows\System\PTchLFl.exe
2⤵
PID:2908

C:\Windows\System\OMzVVsO.exe
C:\Windows\System\OMzVVsO.exe
2⤵
PID:2168

C:\Windows\System\jJzCnMX.exe
C:\Windows\System\jJzCnMX.exe
2⤵
PID:2388

C:\Windows\System\jfSXkdG.exe
C:\Windows\System\jfSXkdG.exe
2⤵
PID:2508

C:\Windows\System\PmIKiKL.exe
C:\Windows\System\PmIKiKL.exe
2⤵
PID:2988

C:\Windows\System\SAUYnms.exe
C:\Windows\System\SAUYnms.exe
2⤵
PID:1652

C:\Windows\System\sheUkCF.exe
C:\Windows\System\sheUkCF.exe
2⤵
PID:1364

C:\Windows\System\cDlwmpa.exe
C:\Windows\System\cDlwmpa.exe
2⤵
PID:2512

C:\Windows\System\sHYopLA.exe
C:\Windows\System\sHYopLA.exe
2⤵
PID:2880

C:\Windows\System\yUboULy.exe
C:\Windows\System\yUboULy.exe
2⤵
PID:612

C:\Windows\System\SrAFsSS.exe
C:\Windows\System\SrAFsSS.exe
2⤵
PID:2824

C:\Windows\System\lnHvtmC.exe
C:\Windows\System\lnHvtmC.exe
2⤵
PID:2192

C:\Windows\System\FvJBkPA.exe
C:\Windows\System\FvJBkPA.exe
2⤵
PID:1960

C:\Windows\System\brtITrL.exe
C:\Windows\System\brtITrL.exe
2⤵
PID:1740

C:\Windows\System\FjWsDwC.exe
C:\Windows\System\FjWsDwC.exe
2⤵
PID:3024

C:\Windows\System\RoExisv.exe
C:\Windows\System\RoExisv.exe
2⤵
PID:412

C:\Windows\System\guAIqBm.exe
C:\Windows\System\guAIqBm.exe
2⤵
PID:1372

C:\Windows\System\WaEKWWb.exe
C:\Windows\System\WaEKWWb.exe
2⤵
PID:2136

C:\Windows\System\kbXsFNQ.exe
C:\Windows\System\kbXsFNQ.exe
2⤵
PID:2152

C:\Windows\System\NVFFjfU.exe
C:\Windows\System\NVFFjfU.exe
2⤵
PID:1368

C:\Windows\System\RTCtvlh.exe
C:\Windows\System\RTCtvlh.exe
2⤵
PID:2820

C:\Windows\System\YsIAlWy.exe
C:\Windows\System\YsIAlWy.exe
2⤵
PID:2268

C:\Windows\System\PGvpFRP.exe
C:\Windows\System\PGvpFRP.exe
2⤵
PID:1832

C:\Windows\System\FaFDxXN.exe
C:\Windows\System\FaFDxXN.exe
2⤵
PID:2776

C:\Windows\System\cslLFPz.exe
C:\Windows\System\cslLFPz.exe
2⤵
PID:3084

C:\Windows\System\KAsNzjt.exe
C:\Windows\System\KAsNzjt.exe
2⤵
PID:3108

C:\Windows\System\ebBGOle.exe
C:\Windows\System\ebBGOle.exe
2⤵
PID:3124

C:\Windows\System\desfZdd.exe
C:\Windows\System\desfZdd.exe
2⤵
PID:3140

C:\Windows\System\vdQgJys.exe
C:\Windows\System\vdQgJys.exe
2⤵
PID:3156

C:\Windows\System\aPcQcda.exe
C:\Windows\System\aPcQcda.exe
2⤵
PID:3172

C:\Windows\System\ZMjlpkt.exe
C:\Windows\System\ZMjlpkt.exe
2⤵
PID:3200

C:\Windows\System\DZeFJNS.exe
C:\Windows\System\DZeFJNS.exe
2⤵
PID:3248

C:\Windows\System\SRMfPaB.exe
C:\Windows\System\SRMfPaB.exe
2⤵
PID:3264

C:\Windows\System\ubUnhzk.exe
C:\Windows\System\ubUnhzk.exe
2⤵
PID:3284

C:\Windows\System\YCwfwkv.exe
C:\Windows\System\YCwfwkv.exe
2⤵
PID:3300

C:\Windows\System\ZJbgXNt.exe
C:\Windows\System\ZJbgXNt.exe
2⤵
PID:3332

C:\Windows\System\MEsGUsF.exe
C:\Windows\System\MEsGUsF.exe
2⤵
PID:3352

C:\Windows\System\lEWqMsf.exe
C:\Windows\System\lEWqMsf.exe
2⤵
PID:3368

C:\Windows\System\BnXMNQM.exe
C:\Windows\System\BnXMNQM.exe
2⤵
PID:3384

C:\Windows\System\IUrpwlV.exe
C:\Windows\System\IUrpwlV.exe
2⤵
PID:3408

C:\Windows\System\MAeddJZ.exe
C:\Windows\System\MAeddJZ.exe
2⤵
PID:3424

C:\Windows\System\QIefUJi.exe
C:\Windows\System\QIefUJi.exe
2⤵
PID:3440

C:\Windows\System\SabMJHi.exe
C:\Windows\System\SabMJHi.exe
2⤵
PID:3456

C:\Windows\System\PQnSGPy.exe
C:\Windows\System\PQnSGPy.exe
2⤵
PID:3472

C:\Windows\System\ESGdLFh.exe
C:\Windows\System\ESGdLFh.exe
2⤵
PID:3496

C:\Windows\System\ZOcrAMQ.exe
C:\Windows\System\ZOcrAMQ.exe
2⤵
PID:3520

C:\Windows\System\BkwuYyG.exe
C:\Windows\System\BkwuYyG.exe
2⤵
PID:3544

C:\Windows\System\naFEQke.exe
C:\Windows\System\naFEQke.exe
2⤵
PID:3560

C:\Windows\System\avhfKsB.exe
C:\Windows\System\avhfKsB.exe
2⤵
PID:3576

C:\Windows\System\cxdbZdT.exe
C:\Windows\System\cxdbZdT.exe
2⤵
PID:3608

C:\Windows\System\qnkqXvH.exe
C:\Windows\System\qnkqXvH.exe
2⤵
PID:3628

C:\Windows\System\BdmQPlw.exe
C:\Windows\System\BdmQPlw.exe
2⤵
PID:3648

C:\Windows\System\oQwAfUj.exe
C:\Windows\System\oQwAfUj.exe
2⤵
PID:3664

C:\Windows\System\FzxWeGi.exe
C:\Windows\System\FzxWeGi.exe
2⤵
PID:3680

C:\Windows\System\UNsbFaE.exe
C:\Windows\System\UNsbFaE.exe
2⤵
PID:3696

C:\Windows\System\ExqiLcx.exe
C:\Windows\System\ExqiLcx.exe
2⤵
PID:3712

C:\Windows\System\RFGCODx.exe
C:\Windows\System\RFGCODx.exe
2⤵
PID:3728

C:\Windows\System\QbBTzQc.exe
C:\Windows\System\QbBTzQc.exe
2⤵
PID:3744

C:\Windows\System\cselwsJ.exe
C:\Windows\System\cselwsJ.exe
2⤵
PID:3760

C:\Windows\System\RRcrgvf.exe
C:\Windows\System\RRcrgvf.exe
2⤵
PID:3776

C:\Windows\System\NtYWAsl.exe
C:\Windows\System\NtYWAsl.exe
2⤵
PID:3792

C:\Windows\System\yTRBEzQ.exe
C:\Windows\System\yTRBEzQ.exe
2⤵
PID:3808

C:\Windows\System\fCiAIKY.exe
C:\Windows\System\fCiAIKY.exe
2⤵
PID:3824

C:\Windows\System\vetLgHd.exe
C:\Windows\System\vetLgHd.exe
2⤵
PID:3840

C:\Windows\System\IhIMrDY.exe
C:\Windows\System\IhIMrDY.exe
2⤵
PID:3856

C:\Windows\System\ilwfZNt.exe
C:\Windows\System\ilwfZNt.exe
2⤵
PID:3876

C:\Windows\System\RXhUCbX.exe
C:\Windows\System\RXhUCbX.exe
2⤵
PID:3892

C:\Windows\System\EOdufqs.exe
C:\Windows\System\EOdufqs.exe
2⤵
PID:3908

C:\Windows\System\mTQlaxM.exe
C:\Windows\System\mTQlaxM.exe
2⤵
PID:3924

C:\Windows\System\MVIMrlv.exe
C:\Windows\System\MVIMrlv.exe
2⤵
PID:3952

C:\Windows\System\vhvQHHE.exe
C:\Windows\System\vhvQHHE.exe
2⤵
PID:4032

C:\Windows\System\jzYlDdu.exe
C:\Windows\System\jzYlDdu.exe
2⤵
PID:4048

C:\Windows\System\MFgAihR.exe
C:\Windows\System\MFgAihR.exe
2⤵
PID:4064

C:\Windows\System\SxoDEjM.exe
C:\Windows\System\SxoDEjM.exe
2⤵
PID:4080

C:\Windows\System\hMtRhLI.exe
C:\Windows\System\hMtRhLI.exe
2⤵
PID:1600

C:\Windows\System\DNHCxCj.exe
C:\Windows\System\DNHCxCj.exe
2⤵
PID:2540

C:\Windows\System\SYUqCsD.exe
C:\Windows\System\SYUqCsD.exe
2⤵
PID:2060

C:\Windows\System\rqGBeoh.exe
C:\Windows\System\rqGBeoh.exe
2⤵
PID:2400

C:\Windows\System\MfdEogh.exe
C:\Windows\System\MfdEogh.exe
2⤵
PID:3080

C:\Windows\System\yaCuPMV.exe
C:\Windows\System\yaCuPMV.exe
2⤵
PID:1744

C:\Windows\System\JjwYQpq.exe
C:\Windows\System\JjwYQpq.exe
2⤵
PID:2436

C:\Windows\System\JJAkOHi.exe
C:\Windows\System\JJAkOHi.exe
2⤵
PID:3116

C:\Windows\System\dtGcLhY.exe
C:\Windows\System\dtGcLhY.exe
2⤵
PID:3180

C:\Windows\System\ILZyPvj.exe
C:\Windows\System\ILZyPvj.exe
2⤵
PID:3104

C:\Windows\System\qTvZKYA.exe
C:\Windows\System\qTvZKYA.exe
2⤵
PID:3168

C:\Windows\System\dJwuSFp.exe
C:\Windows\System\dJwuSFp.exe
2⤵
PID:2012

C:\Windows\System\ecXdnXE.exe
C:\Windows\System\ecXdnXE.exe
2⤵
PID:1964

C:\Windows\System\JTwvcOS.exe
C:\Windows\System\JTwvcOS.exe
2⤵
PID:3208

C:\Windows\System\BCdBHHR.exe
C:\Windows\System\BCdBHHR.exe
2⤵
PID:3256

C:\Windows\System\UFKoWHE.exe
C:\Windows\System\UFKoWHE.exe
2⤵
PID:3260

C:\Windows\System\nPzfdKO.exe
C:\Windows\System\nPzfdKO.exe
2⤵
PID:3280

C:\Windows\System\pxeSIdY.exe
C:\Windows\System\pxeSIdY.exe
2⤵
PID:3340

C:\Windows\System\fVyuPpp.exe
C:\Windows\System\fVyuPpp.exe
2⤵
PID:3380

C:\Windows\System\luUHTNb.exe
C:\Windows\System\luUHTNb.exe
2⤵
PID:3392

C:\Windows\System\CEVQtnf.exe
C:\Windows\System\CEVQtnf.exe
2⤵
PID:3432

C:\Windows\System\GtyajOS.exe
C:\Windows\System\GtyajOS.exe
2⤵
PID:3464

C:\Windows\System\FrqWgwi.exe
C:\Windows\System\FrqWgwi.exe
2⤵
PID:3620

C:\Windows\System\PJIwWff.exe
C:\Windows\System\PJIwWff.exe
2⤵
PID:2828

C:\Windows\System\RRgrUQv.exe
C:\Windows\System\RRgrUQv.exe
2⤵
PID:3512

C:\Windows\System\flWojpw.exe
C:\Windows\System\flWojpw.exe
2⤵
PID:3692

C:\Windows\System\dsQwnyU.exe
C:\Windows\System\dsQwnyU.exe
2⤵
PID:3756

C:\Windows\System\ofWhznY.exe
C:\Windows\System\ofWhznY.exe
2⤵
PID:3468

C:\Windows\System\WxrxdAL.exe
C:\Windows\System\WxrxdAL.exe
2⤵
PID:3584

C:\Windows\System\iVQXrGM.exe
C:\Windows\System\iVQXrGM.exe
2⤵
PID:3604

C:\Windows\System\NsJsPRK.exe
C:\Windows\System\NsJsPRK.exe
2⤵
PID:3980

C:\Windows\System\DsIfUGp.exe
C:\Windows\System\DsIfUGp.exe
2⤵
PID:3996

C:\Windows\System\DCQQIgZ.exe
C:\Windows\System\DCQQIgZ.exe
2⤵
PID:4008

C:\Windows\System\oFkRmAu.exe
C:\Windows\System\oFkRmAu.exe
2⤵
PID:3772

C:\Windows\System\tzgTHsL.exe
C:\Windows\System\tzgTHsL.exe
2⤵
PID:3872

C:\Windows\System\ZGvVNHS.exe
C:\Windows\System\ZGvVNHS.exe
2⤵
PID:3644

C:\Windows\System\abJypmH.exe
C:\Windows\System\abJypmH.exe
2⤵
PID:3740

C:\Windows\System\CecrLgx.exe
C:\Windows\System\CecrLgx.exe
2⤵
PID:3672

C:\Windows\System\hrzUnUP.exe
C:\Windows\System\hrzUnUP.exe
2⤵
PID:4044

C:\Windows\System\UZwcCdu.exe
C:\Windows\System\UZwcCdu.exe
2⤵
PID:2520

C:\Windows\System\WleSmNu.exe
C:\Windows\System\WleSmNu.exe
2⤵
PID:4092

C:\Windows\System\EJGHRco.exe
C:\Windows\System\EJGHRco.exe
2⤵
PID:2028

C:\Windows\System\rmFfEjf.exe
C:\Windows\System\rmFfEjf.exe
2⤵
PID:1320

C:\Windows\System\wjRfxQq.exe
C:\Windows\System\wjRfxQq.exe
2⤵
PID:3224

C:\Windows\System\YErxhKG.exe
C:\Windows\System\YErxhKG.exe
2⤵
PID:3296

C:\Windows\System\kDELzdE.exe
C:\Windows\System\kDELzdE.exe
2⤵
PID:3376

C:\Windows\System\YoybLyI.exe
C:\Windows\System\YoybLyI.exe
2⤵
PID:3184

C:\Windows\System\NUImuQu.exe
C:\Windows\System\NUImuQu.exe
2⤵
PID:3092

C:\Windows\System\HHAxrJn.exe
C:\Windows\System\HHAxrJn.exe
2⤵
PID:1520

C:\Windows\System\FLnhXHd.exe
C:\Windows\System\FLnhXHd.exe
2⤵
PID:3312

C:\Windows\System\VmkpXMy.exe
C:\Windows\System\VmkpXMy.exe
2⤵
PID:2580

C:\Windows\System\OGnBQLY.exe
C:\Windows\System\OGnBQLY.exe
2⤵
PID:2692

C:\Windows\System\XiZTQFj.exe
C:\Windows\System\XiZTQFj.exe
2⤵
PID:2860

C:\Windows\System\Ugxbmzy.exe
C:\Windows\System\Ugxbmzy.exe
2⤵
PID:1456

C:\Windows\System\CCyokSo.exe
C:\Windows\System\CCyokSo.exe
2⤵
PID:1760

C:\Windows\System\sVrddbZ.exe
C:\Windows\System\sVrddbZ.exe
2⤵
PID:2440

C:\Windows\System\iTrEGxn.exe
C:\Windows\System\iTrEGxn.exe
2⤵
PID:1300

C:\Windows\System\yrDQFJz.exe
C:\Windows\System\yrDQFJz.exe
2⤵
PID:3320

C:\Windows\System\ZmdOEHw.exe
C:\Windows\System\ZmdOEHw.exe
2⤵
PID:3528

C:\Windows\System\FDJZVcB.exe
C:\Windows\System\FDJZVcB.exe
2⤵
PID:3568

C:\Windows\System\RkDwsOG.exe
C:\Windows\System\RkDwsOG.exe
2⤵
PID:2852

C:\Windows\System\mIHvPvJ.exe
C:\Windows\System\mIHvPvJ.exe
2⤵
PID:3688

C:\Windows\System\qyGwyDD.exe
C:\Windows\System\qyGwyDD.exe
2⤵
PID:3596

C:\Windows\System\XFbrYNC.exe
C:\Windows\System\XFbrYNC.exe
2⤵
PID:3404

C:\Windows\System\wTyIrTp.exe
C:\Windows\System\wTyIrTp.exe
2⤵
PID:3508

C:\Windows\System\yauKNMF.exe
C:\Windows\System\yauKNMF.exe
2⤵
PID:3588

C:\Windows\System\ORsNuIk.exe
C:\Windows\System\ORsNuIk.exe
2⤵
PID:3888

C:\Windows\System\DKQUgNC.exe
C:\Windows\System\DKQUgNC.exe
2⤵
PID:3920

C:\Windows\System\otEwBUg.exe
C:\Windows\System\otEwBUg.exe
2⤵
PID:3972

C:\Windows\System\HguhcPZ.exe
C:\Windows\System\HguhcPZ.exe
2⤵
PID:4020

C:\Windows\System\POKFRZW.exe
C:\Windows\System\POKFRZW.exe
2⤵
PID:3704

C:\Windows\System\uuGCZmF.exe
C:\Windows\System\uuGCZmF.exe
2⤵
PID:2708

C:\Windows\System\hcnevJy.exe
C:\Windows\System\hcnevJy.exe
2⤵
PID:3152

C:\Windows\System\DIIyDUb.exe
C:\Windows\System\DIIyDUb.exe
2⤵
PID:4004

C:\Windows\System\aJZiWTZ.exe
C:\Windows\System\aJZiWTZ.exe
2⤵
PID:2300

C:\Windows\System\uTMmMmi.exe
C:\Windows\System\uTMmMmi.exe
2⤵
PID:4040

C:\Windows\System\zRhFpZC.exe
C:\Windows\System\zRhFpZC.exe
2⤵
PID:3804

C:\Windows\System\ApYdtcJ.exe
C:\Windows\System\ApYdtcJ.exe
2⤵
PID:3212

C:\Windows\System\pzoDdEU.exe
C:\Windows\System\pzoDdEU.exe
2⤵
PID:2528

C:\Windows\System\IWbiswY.exe
C:\Windows\System\IWbiswY.exe
2⤵
PID:1048

C:\Windows\System\csiqSvc.exe
C:\Windows\System\csiqSvc.exe
2⤵
PID:2884

C:\Windows\System\PDXYqiJ.exe
C:\Windows\System\PDXYqiJ.exe
2⤵
PID:3452

C:\Windows\System\HSEzKrC.exe
C:\Windows\System\HSEzKrC.exe
2⤵
PID:2556

C:\Windows\System\cBQzkPD.exe
C:\Windows\System\cBQzkPD.exe
2⤵
PID:3400

C:\Windows\System\BTBchKt.exe
C:\Windows\System\BTBchKt.exe
2⤵
PID:3916

C:\Windows\System\gWyGTSo.exe
C:\Windows\System\gWyGTSo.exe
2⤵
PID:3364

C:\Windows\System\iHatLwF.exe
C:\Windows\System\iHatLwF.exe
2⤵
PID:2564

C:\Windows\System\lHvYYYY.exe
C:\Windows\System\lHvYYYY.exe
2⤵
PID:3864

C:\Windows\System\CZhkpMi.exe
C:\Windows\System\CZhkpMi.exe
2⤵
PID:1088

C:\Windows\System\mIvBHqr.exe
C:\Windows\System\mIvBHqr.exe
2⤵
PID:1484

C:\Windows\System\KeJUnvF.exe
C:\Windows\System\KeJUnvF.exe
2⤵
PID:3832

C:\Windows\System\uQsRsNr.exe
C:\Windows\System\uQsRsNr.exe
2⤵
PID:2560

C:\Windows\System\ACerVpG.exe
C:\Windows\System\ACerVpG.exe
2⤵
PID:3768

C:\Windows\System\lnmujvl.exe
C:\Windows\System\lnmujvl.exe
2⤵
PID:2224

C:\Windows\System\EujStOw.exe
C:\Windows\System\EujStOw.exe
2⤵
PID:3964

C:\Windows\System\DQASEcB.exe
C:\Windows\System\DQASEcB.exe
2⤵
PID:3904

C:\Windows\System\gfrhhkk.exe
C:\Windows\System\gfrhhkk.exe
2⤵
PID:672

C:\Windows\System\yGMdaWa.exe
C:\Windows\System\yGMdaWa.exe
2⤵
PID:2500

C:\Windows\System\JaOjztw.exe
C:\Windows\System\JaOjztw.exe
2⤵
PID:3448

C:\Windows\System\tXwJrhS.exe
C:\Windows\System\tXwJrhS.exe
2⤵
PID:3076

C:\Windows\System\WZpuCLZ.exe
C:\Windows\System\WZpuCLZ.exe
2⤵
PID:2008

C:\Windows\System\YrXRnDf.exe
C:\Windows\System\YrXRnDf.exe
2⤵
PID:3624

C:\Windows\System\LWKoYxV.exe
C:\Windows\System\LWKoYxV.exe
2⤵
PID:2368

C:\Windows\System\qstsbKy.exe
C:\Windows\System\qstsbKy.exe
2⤵
PID:2200

C:\Windows\System\qhRlPmz.exe
C:\Windows\System\qhRlPmz.exe
2⤵
PID:3488

C:\Windows\System\hcTZfPw.exe
C:\Windows\System\hcTZfPw.exe
2⤵
PID:2588

C:\Windows\System\BOHAPde.exe
C:\Windows\System\BOHAPde.exe
2⤵
PID:3852

C:\Windows\System\fzJiaGd.exe
C:\Windows\System\fzJiaGd.exe
2⤵
PID:636

C:\Windows\System\FHJXMjk.exe
C:\Windows\System\FHJXMjk.exe
2⤵
PID:3276

C:\Windows\System\riRexdD.exe
C:\Windows\System\riRexdD.exe
2⤵
PID:1452

C:\Windows\System\cnQzfhb.exe
C:\Windows\System\cnQzfhb.exe
2⤵
PID:3240

C:\Windows\System\kwGNpCo.exe
C:\Windows\System\kwGNpCo.exe
2⤵
PID:2656

C:\Windows\System\mWoPqef.exe
C:\Windows\System\mWoPqef.exe
2⤵
PID:3532

C:\Windows\System\SMNQpRU.exe
C:\Windows\System\SMNQpRU.exe
2⤵
PID:2220

C:\Windows\System\grIXrsx.exe
C:\Windows\System\grIXrsx.exe
2⤵
PID:3540

C:\Windows\System\kOxCGLD.exe
C:\Windows\System\kOxCGLD.exe
2⤵
PID:1432

C:\Windows\System\YlKqQCb.exe
C:\Windows\System\YlKqQCb.exe
2⤵
PID:3660

C:\Windows\System\oLWiUrB.exe
C:\Windows\System\oLWiUrB.exe
2⤵
PID:1764

C:\Windows\System\iOkbfOY.exe
C:\Windows\System\iOkbfOY.exe
2⤵
PID:2068

C:\Windows\System\nDBooWq.exe
C:\Windows\System\nDBooWq.exe
2⤵
PID:2672

C:\Windows\System\TgmrcmN.exe
C:\Windows\System\TgmrcmN.exe
2⤵
PID:2204

C:\Windows\System\OMfDScf.exe
C:\Windows\System\OMfDScf.exe
2⤵
PID:2472

C:\Windows\System\rSKNUQL.exe
C:\Windows\System\rSKNUQL.exe
2⤵
PID:2248

C:\Windows\System\luKRUiq.exe
C:\Windows\System\luKRUiq.exe
2⤵
PID:2664

C:\Windows\System\gqmYmdq.exe
C:\Windows\System\gqmYmdq.exe
2⤵
PID:1128

C:\Windows\System\YyLUrJC.exe
C:\Windows\System\YyLUrJC.exe
2⤵
PID:380

C:\Windows\System\eWvdqLN.exe
C:\Windows\System\eWvdqLN.exe
2⤵
PID:3640

C:\Windows\System\bAAufDM.exe
C:\Windows\System\bAAufDM.exe
2⤵
PID:1748

C:\Windows\System\nStgzix.exe
C:\Windows\System\nStgzix.exe
2⤵
PID:2620

C:\Windows\System\IyEiUqA.exe
C:\Windows\System\IyEiUqA.exe
2⤵
PID:2596

C:\Windows\System\SIByPjR.exe
C:\Windows\System\SIByPjR.exe
2⤵
PID:4088

C:\Windows\System\HwKhfsK.exe
C:\Windows\System\HwKhfsK.exe
2⤵
PID:3344

C:\Windows\System\COlQeGh.exe
C:\Windows\System\COlQeGh.exe
2⤵
PID:2116

C:\Windows\System\XIxiouZ.exe
C:\Windows\System\XIxiouZ.exe
2⤵
PID:4120

C:\Windows\System\oRbRlPq.exe
C:\Windows\System\oRbRlPq.exe
2⤵
PID:4140

C:\Windows\System\ZPOZwhN.exe
C:\Windows\System\ZPOZwhN.exe
2⤵
PID:4156

C:\Windows\System\pEUuVIe.exe
C:\Windows\System\pEUuVIe.exe
2⤵
PID:4180

C:\Windows\System\JJlrmqU.exe
C:\Windows\System\JJlrmqU.exe
2⤵
PID:4204

C:\Windows\System\LrkOoRu.exe
C:\Windows\System\LrkOoRu.exe
2⤵
PID:4224

C:\Windows\System\DHtIcXy.exe
C:\Windows\System\DHtIcXy.exe
2⤵
PID:4252

C:\Windows\System\SVGVuVB.exe
C:\Windows\System\SVGVuVB.exe
2⤵
PID:4268

C:\Windows\System\PpABHub.exe
C:\Windows\System\PpABHub.exe
2⤵
PID:4284

C:\Windows\System\KPCKXOA.exe
C:\Windows\System\KPCKXOA.exe
2⤵
PID:4300

C:\Windows\System\OyWhXOp.exe
C:\Windows\System\OyWhXOp.exe
2⤵
PID:4320

C:\Windows\System\hqNPQsB.exe
C:\Windows\System\hqNPQsB.exe
2⤵
PID:4336

C:\Windows\System\jEijcIW.exe
C:\Windows\System\jEijcIW.exe
2⤵
PID:4352

C:\Windows\System\SZnCfsk.exe
C:\Windows\System\SZnCfsk.exe
2⤵
PID:4372

C:\Windows\System\rGQSOkp.exe
C:\Windows\System\rGQSOkp.exe
2⤵
PID:4392

C:\Windows\System\ROsjRjD.exe
C:\Windows\System\ROsjRjD.exe
2⤵
PID:4412

C:\Windows\System\boLTVBt.exe
C:\Windows\System\boLTVBt.exe
2⤵
PID:4428

C:\Windows\System\BntNLJP.exe
C:\Windows\System\BntNLJP.exe
2⤵
PID:4444

C:\Windows\System\JvchBap.exe
C:\Windows\System\JvchBap.exe
2⤵
PID:4464

C:\Windows\System\nruoAvf.exe
C:\Windows\System\nruoAvf.exe
2⤵
PID:4480

C:\Windows\System\bzjaecb.exe
C:\Windows\System\bzjaecb.exe
2⤵
PID:4500

C:\Windows\System\mwXCGwx.exe
C:\Windows\System\mwXCGwx.exe
2⤵
PID:4524

C:\Windows\System\pluIWrF.exe
C:\Windows\System\pluIWrF.exe
2⤵
PID:4544

C:\Windows\System\kGYmcjS.exe
C:\Windows\System\kGYmcjS.exe
2⤵
PID:4568

C:\Windows\System\PNAApeO.exe
C:\Windows\System\PNAApeO.exe
2⤵
PID:4584

C:\Windows\System\FMzFDBP.exe
C:\Windows\System\FMzFDBP.exe
2⤵
PID:4616

C:\Windows\System\liDWXbS.exe
C:\Windows\System\liDWXbS.exe
2⤵
PID:4636

C:\Windows\System\UdFBErs.exe
C:\Windows\System\UdFBErs.exe
2⤵
PID:4664

C:\Windows\System\LiblBJv.exe
C:\Windows\System\LiblBJv.exe
2⤵
PID:4680

C:\Windows\System\BBhyBun.exe
C:\Windows\System\BBhyBun.exe
2⤵
PID:4696

C:\Windows\System\NJEwDyN.exe
C:\Windows\System\NJEwDyN.exe
2⤵
PID:4716

C:\Windows\System\qqjGiZA.exe
C:\Windows\System\qqjGiZA.exe
2⤵
PID:4736

C:\Windows\System\zpwOBRP.exe
C:\Windows\System\zpwOBRP.exe
2⤵
PID:4752

C:\Windows\System\qYlQNnU.exe
C:\Windows\System\qYlQNnU.exe
2⤵
PID:4776

C:\Windows\System\NWtRooS.exe
C:\Windows\System\NWtRooS.exe
2⤵
PID:4796

C:\Windows\System\laoyZbL.exe
C:\Windows\System\laoyZbL.exe
2⤵
PID:4812

C:\Windows\System\zqUNMYt.exe
C:\Windows\System\zqUNMYt.exe
2⤵
PID:4828

C:\Windows\System\fvaawyg.exe
C:\Windows\System\fvaawyg.exe
2⤵
PID:4852

C:\Windows\System\ZVyEpyC.exe
C:\Windows\System\ZVyEpyC.exe
2⤵
PID:4880

C:\Windows\System\cMVhbuH.exe
C:\Windows\System\cMVhbuH.exe
2⤵
PID:4904

C:\Windows\System\OCcwgEQ.exe
C:\Windows\System\OCcwgEQ.exe
2⤵
PID:4920

C:\Windows\System\CARgiWz.exe
C:\Windows\System\CARgiWz.exe
2⤵
PID:4936

C:\Windows\System\VzLofoz.exe
C:\Windows\System\VzLofoz.exe
2⤵
PID:4956

C:\Windows\System\QHXbLRF.exe
C:\Windows\System\QHXbLRF.exe
2⤵
PID:4980

C:\Windows\System\QteDvzD.exe
C:\Windows\System\QteDvzD.exe
2⤵
PID:5012

C:\Windows\System\jqJPgKz.exe
C:\Windows\System\jqJPgKz.exe
2⤵
PID:5032

C:\Windows\System\rgkitmY.exe
C:\Windows\System\rgkitmY.exe
2⤵
PID:5048

C:\Windows\System\bqmuvjg.exe
C:\Windows\System\bqmuvjg.exe
2⤵
PID:5064

C:\Windows\System\YTfzlyn.exe
C:\Windows\System\YTfzlyn.exe
2⤵
PID:5084

C:\Windows\System\zFUqfYm.exe
C:\Windows\System\zFUqfYm.exe
2⤵
PID:5104

C:\Windows\System\YZuLuCD.exe
C:\Windows\System\YZuLuCD.exe
2⤵
PID:2668

C:\Windows\System\rGmrYeF.exe
C:\Windows\System\rGmrYeF.exe
2⤵
PID:4116

C:\Windows\System\YkOWLBf.exe
C:\Windows\System\YkOWLBf.exe
2⤵
PID:4152

C:\Windows\System\ukUTJks.exe
C:\Windows\System\ukUTJks.exe
2⤵
PID:2256

C:\Windows\System\FSJrFMN.exe
C:\Windows\System\FSJrFMN.exe
2⤵
PID:4200

C:\Windows\System\NInEPtq.exe
C:\Windows\System\NInEPtq.exe
2⤵
PID:2648

C:\Windows\System\VVwiGOG.exe
C:\Windows\System\VVwiGOG.exe
2⤵
PID:1628

C:\Windows\System\kRjyZME.exe
C:\Windows\System\kRjyZME.exe
2⤵
PID:4168

C:\Windows\System\fOcuCXf.exe
C:\Windows\System\fOcuCXf.exe
2⤵
PID:804

C:\Windows\System\pHYfZJr.exe
C:\Windows\System\pHYfZJr.exe
2⤵
PID:4280

C:\Windows\System\reIazCU.exe
C:\Windows\System\reIazCU.exe
2⤵
PID:4312

C:\Windows\System\ywCaytn.exe
C:\Windows\System\ywCaytn.exe
2⤵
PID:4420

C:\Windows\System\medRzHQ.exe
C:\Windows\System\medRzHQ.exe
2⤵
PID:4488

C:\Windows\System\uvJVmhe.exe
C:\Windows\System\uvJVmhe.exe
2⤵
PID:4260

C:\Windows\System\jYWdNvS.exe
C:\Windows\System\jYWdNvS.exe
2⤵
PID:4364

C:\Windows\System\lvzVSFI.exe
C:\Windows\System\lvzVSFI.exe
2⤵
PID:1276

C:\Windows\System\ReuofSF.exe
C:\Windows\System\ReuofSF.exe
2⤵
PID:4292

C:\Windows\System\cxaMUaF.exe
C:\Windows\System\cxaMUaF.exe
2⤵
PID:4400

C:\Windows\System\QQVtOJt.exe
C:\Windows\System\QQVtOJt.exe
2⤵
PID:4436

C:\Windows\System\vyHYfph.exe
C:\Windows\System\vyHYfph.exe
2⤵
PID:4512

C:\Windows\System\nryMpLF.exe
C:\Windows\System\nryMpLF.exe
2⤵
PID:4704

C:\Windows\System\WkydXig.exe
C:\Windows\System\WkydXig.exe
2⤵
PID:4688

C:\Windows\System\iNhXvLr.exe
C:\Windows\System\iNhXvLr.exe
2⤵
PID:4724

C:\Windows\System\tSiJRZA.exe
C:\Windows\System\tSiJRZA.exe
2⤵
PID:4552

C:\Windows\System\ZUgEgtG.exe
C:\Windows\System\ZUgEgtG.exe
2⤵
PID:4564

C:\Windows\System\hNyesXt.exe
C:\Windows\System\hNyesXt.exe
2⤵
PID:4608

C:\Windows\System\FAUeGbP.exe
C:\Windows\System\FAUeGbP.exe
2⤵
PID:4868

C:\Windows\System\lwTbGcq.exe
C:\Windows\System\lwTbGcq.exe
2⤵
PID:4912

C:\Windows\System\hgpzSBF.exe
C:\Windows\System\hgpzSBF.exe
2⤵
PID:2900

C:\Windows\System\fTFGMGi.exe
C:\Windows\System\fTFGMGi.exe
2⤵
PID:4952

C:\Windows\System\YHVnUgx.exe
C:\Windows\System\YHVnUgx.exe
2⤵
PID:5004

C:\Windows\System\BNucKLD.exe
C:\Windows\System\BNucKLD.exe
2⤵
PID:4888

C:\Windows\System\rrEtNpC.exe
C:\Windows\System\rrEtNpC.exe
2⤵
PID:1156

C:\Windows\System\rlkNJBn.exe
C:\Windows\System\rlkNJBn.exe
2⤵
PID:4972

C:\Windows\System\NstgRnb.exe
C:\Windows\System\NstgRnb.exe
2⤵
PID:5072

C:\Windows\System\uYNvOog.exe
C:\Windows\System\uYNvOog.exe
2⤵
PID:5116

C:\Windows\System\fwQhGsp.exe
C:\Windows\System\fwQhGsp.exe
2⤵
PID:5020

C:\Windows\System\yxVMriu.exe
C:\Windows\System\yxVMriu.exe
2⤵
PID:4308

C:\Windows\System\AVHHcpR.exe
C:\Windows\System\AVHHcpR.exe
2⤵
PID:4624

C:\Windows\System\vVWMhcG.exe
C:\Windows\System\vVWMhcG.exe
2⤵
PID:4132

C:\Windows\System\xstOpns.exe
C:\Windows\System\xstOpns.exe
2⤵
PID:4408

C:\Windows\System\MdgeFVk.exe
C:\Windows\System\MdgeFVk.exe
2⤵
PID:4836

C:\Windows\System\YRtdPVR.exe
C:\Windows\System\YRtdPVR.exe
2⤵
PID:4236

C:\Windows\System\JGhatSx.exe
C:\Windows\System\JGhatSx.exe
2⤵
PID:4996

C:\Windows\System\sAWUsPy.exe
C:\Windows\System\sAWUsPy.exe
2⤵
PID:2036

C:\Windows\System\JOkDitz.exe
C:\Windows\System\JOkDitz.exe
2⤵
PID:3976

C:\Windows\System\gNwIdai.exe
C:\Windows\System\gNwIdai.exe
2⤵
PID:4404

C:\Windows\System\XKqNtaU.exe
C:\Windows\System\XKqNtaU.exe
2⤵
PID:4808

C:\Windows\System\XjohgDf.exe
C:\Windows\System\XjohgDf.exe
2⤵
PID:4632

C:\Windows\System\NTteBvl.exe
C:\Windows\System\NTteBvl.exe
2⤵
PID:4112

C:\Windows\System\TjXQRZb.exe
C:\Windows\System\TjXQRZb.exe
2⤵
PID:1028

C:\Windows\System\llqgenE.exe
C:\Windows\System\llqgenE.exe
2⤵
PID:4772

C:\Windows\System\PwsLlme.exe
C:\Windows\System\PwsLlme.exe
2⤵
PID:4944

C:\Windows\System\lVswKxn.exe
C:\Windows\System\lVswKxn.exe
2⤵
PID:2836

C:\Windows\System\AnbTtKs.exe
C:\Windows\System\AnbTtKs.exe
2⤵
PID:4476

C:\Windows\System\aBZNivL.exe
C:\Windows\System\aBZNivL.exe
2⤵
PID:4660

C:\Windows\System\zuSKsQL.exe
C:\Windows\System\zuSKsQL.exe
2⤵
PID:2344

C:\Windows\System\aIExOcu.exe
C:\Windows\System\aIExOcu.exe
2⤵
PID:4820

C:\Windows\System\hxlehTv.exe
C:\Windows\System\hxlehTv.exe
2⤵
PID:1644

C:\Windows\System\uanJgww.exe
C:\Windows\System\uanJgww.exe
2⤵
PID:4520

C:\Windows\System\NmoAOwE.exe
C:\Windows\System\NmoAOwE.exe
2⤵
PID:4964

C:\Windows\System\sHBZGWa.exe
C:\Windows\System\sHBZGWa.exe
2⤵
PID:4136

C:\Windows\System\ItttjIU.exe
C:\Windows\System\ItttjIU.exe
2⤵
PID:5028

C:\Windows\System\mHHCCan.exe
C:\Windows\System\mHHCCan.exe
2⤵
PID:4388

C:\Windows\System\Lvtxpop.exe
C:\Windows\System\Lvtxpop.exe
2⤵
PID:4212

C:\Windows\System\TluSBeU.exe
C:\Windows\System\TluSBeU.exe
2⤵
PID:2452

C:\Windows\System\LjgWgbj.exe
C:\Windows\System\LjgWgbj.exe
2⤵
PID:5092

C:\Windows\System\XuHegfI.exe
C:\Windows\System\XuHegfI.exe
2⤵
PID:3800

C:\Windows\System\tPAqQIq.exe
C:\Windows\System\tPAqQIq.exe
2⤵
PID:4864

C:\Windows\System\LdWAzLX.exe
C:\Windows\System\LdWAzLX.exe
2⤵
PID:4604

C:\Windows\System\ztJXKCA.exe
C:\Windows\System\ztJXKCA.exe
2⤵
PID:4248

C:\Windows\System\rglWpGY.exe
C:\Windows\System\rglWpGY.exe
2⤵
PID:4804

C:\Windows\System\yrjOdQj.exe
C:\Windows\System\yrjOdQj.exe
2⤵
PID:2804

C:\Windows\System\vtnAgen.exe
C:\Windows\System\vtnAgen.exe
2⤵
PID:4764

C:\Windows\System\PYnCWHA.exe
C:\Windows\System\PYnCWHA.exe
2⤵
PID:5128

C:\Windows\System\OtwbzHV.exe
C:\Windows\System\OtwbzHV.exe
2⤵
PID:5196

C:\Windows\System\xuBmhJt.exe
C:\Windows\System\xuBmhJt.exe
2⤵
PID:5216

C:\Windows\System\TTrxeRz.exe
C:\Windows\System\TTrxeRz.exe
2⤵
PID:5232

C:\Windows\System\Lefqfov.exe
C:\Windows\System\Lefqfov.exe
2⤵
PID:5252

C:\Windows\System\RUFGutB.exe
C:\Windows\System\RUFGutB.exe
2⤵
PID:5272

C:\Windows\System\DloCBwe.exe
C:\Windows\System\DloCBwe.exe
2⤵
PID:5296

C:\Windows\System\LcoclkL.exe
C:\Windows\System\LcoclkL.exe
2⤵
PID:5312

C:\Windows\System\UTvmQNL.exe
C:\Windows\System\UTvmQNL.exe
2⤵
PID:5328

C:\Windows\System\LHHIghS.exe
C:\Windows\System\LHHIghS.exe
2⤵
PID:5344

C:\Windows\System\OEALBmy.exe
C:\Windows\System\OEALBmy.exe
2⤵
PID:5364

C:\Windows\System\rXcNoTY.exe
C:\Windows\System\rXcNoTY.exe
2⤵
PID:5380

C:\Windows\System\sDGHRzi.exe
C:\Windows\System\sDGHRzi.exe
2⤵
PID:5396

C:\Windows\System\tklYqRw.exe
C:\Windows\System\tklYqRw.exe
2⤵
PID:5416

C:\Windows\System\GiUnOVo.exe
C:\Windows\System\GiUnOVo.exe
2⤵
PID:5432

C:\Windows\System\thGvWVQ.exe
C:\Windows\System\thGvWVQ.exe
2⤵
PID:5452

C:\Windows\System\gjhNUna.exe
C:\Windows\System\gjhNUna.exe
2⤵
PID:5472

C:\Windows\System\ncrCWPS.exe
C:\Windows\System\ncrCWPS.exe
2⤵
PID:5488

C:\Windows\System\HynOcRF.exe
C:\Windows\System\HynOcRF.exe
2⤵
PID:5504

C:\Windows\System\rktuDhy.exe
C:\Windows\System\rktuDhy.exe
2⤵
PID:5520

C:\Windows\System\azvlFZz.exe
C:\Windows\System\azvlFZz.exe
2⤵
PID:5540

C:\Windows\System\LXSkxCD.exe
C:\Windows\System\LXSkxCD.exe
2⤵
PID:5560

C:\Windows\System\SRqChBJ.exe
C:\Windows\System\SRqChBJ.exe
2⤵
PID:5580

C:\Windows\System\LRfNDet.exe
C:\Windows\System\LRfNDet.exe
2⤵
PID:5604

C:\Windows\System\BgWJMUc.exe
C:\Windows\System\BgWJMUc.exe
2⤵
PID:5628

C:\Windows\System\ypgyXuh.exe
C:\Windows\System\ypgyXuh.exe
2⤵
PID:5648

C:\Windows\System\cUnYcMc.exe
C:\Windows\System\cUnYcMc.exe
2⤵
PID:5664

C:\Windows\System\ZfMuheT.exe
C:\Windows\System\ZfMuheT.exe
2⤵
PID:5688

C:\Windows\System\pmiJheD.exe
C:\Windows\System\pmiJheD.exe
2⤵
PID:5704

C:\Windows\System\XpgqCRW.exe
C:\Windows\System\XpgqCRW.exe
2⤵
PID:5728

C:\Windows\System\ipRCAVa.exe
C:\Windows\System\ipRCAVa.exe
2⤵
PID:5744

C:\Windows\System\YpcaDmW.exe
C:\Windows\System\YpcaDmW.exe
2⤵
PID:5764

C:\Windows\System\snJpWPX.exe
C:\Windows\System\snJpWPX.exe
2⤵
PID:5820

C:\Windows\System\QjRNntC.exe
C:\Windows\System\QjRNntC.exe
2⤵
PID:5836

C:\Windows\System\roQHjOy.exe
C:\Windows\System\roQHjOy.exe
2⤵
PID:5852

C:\Windows\System\BRcrGxv.exe
C:\Windows\System\BRcrGxv.exe
2⤵
PID:5868

C:\Windows\System\qdCEbuU.exe
C:\Windows\System\qdCEbuU.exe
2⤵
PID:5884

C:\Windows\System\VOdBwrE.exe
C:\Windows\System\VOdBwrE.exe
2⤵
PID:5900

C:\Windows\System\JEdORYI.exe
C:\Windows\System\JEdORYI.exe
2⤵
PID:5916

C:\Windows\System\gGBHDdv.exe
C:\Windows\System\gGBHDdv.exe
2⤵
PID:5936

C:\Windows\System\cPZjakN.exe
C:\Windows\System\cPZjakN.exe
2⤵
PID:5956

C:\Windows\System\vASvimb.exe
C:\Windows\System\vASvimb.exe
2⤵
PID:5976

C:\Windows\System\FgGgjER.exe
C:\Windows\System\FgGgjER.exe
2⤵
PID:5992

C:\Windows\System\YZOWhJv.exe
C:\Windows\System\YZOWhJv.exe
2⤵
PID:6032

C:\Windows\System\epjojAu.exe
C:\Windows\System\epjojAu.exe
2⤵
PID:6056

C:\Windows\System\ndfxRSA.exe
C:\Windows\System\ndfxRSA.exe
2⤵
PID:6076

C:\Windows\System\eTUmJlT.exe
C:\Windows\System\eTUmJlT.exe
2⤵
PID:6100

C:\Windows\System\wLldLSy.exe
C:\Windows\System\wLldLSy.exe
2⤵
PID:6116

C:\Windows\System\WIPhyTj.exe
C:\Windows\System\WIPhyTj.exe
2⤵
PID:6132

C:\Windows\System\IPKxFto.exe
C:\Windows\System\IPKxFto.exe
2⤵
PID:4760

C:\Windows\System\LRgUMaH.exe
C:\Windows\System\LRgUMaH.exe
2⤵
PID:4652

C:\Windows\System\LzulpGk.exe
C:\Windows\System\LzulpGk.exe
2⤵
PID:1204

C:\Windows\System\rUPmPNk.exe
C:\Windows\System\rUPmPNk.exe
2⤵
PID:5136

C:\Windows\System\fpcxwGm.exe
C:\Windows\System\fpcxwGm.exe
2⤵
PID:4648

C:\Windows\System\XrngfPo.exe
C:\Windows\System\XrngfPo.exe
2⤵
PID:5112

C:\Windows\System\XljPAUS.exe
C:\Windows\System\XljPAUS.exe
2⤵
PID:4840

C:\Windows\System\YVRRJat.exe
C:\Windows\System\YVRRJat.exe
2⤵
PID:4360

C:\Windows\System\hBGUQtu.exe
C:\Windows\System\hBGUQtu.exe
2⤵
PID:5164

C:\Windows\System\sZzQtTb.exe
C:\Windows\System\sZzQtTb.exe
2⤵
PID:5188

C:\Windows\System\DsdNsWQ.exe
C:\Windows\System\DsdNsWQ.exe
2⤵
PID:5240

C:\Windows\System\QDHGwVF.exe
C:\Windows\System\QDHGwVF.exe
2⤵
PID:5248

C:\Windows\System\jtWzzxc.exe
C:\Windows\System\jtWzzxc.exe
2⤵
PID:5288

C:\Windows\System\KwFmLuf.exe
C:\Windows\System\KwFmLuf.exe
2⤵
PID:5352

C:\Windows\System\cIgSlrn.exe
C:\Windows\System\cIgSlrn.exe
2⤵
PID:5388

C:\Windows\System\eywKoBQ.exe
C:\Windows\System\eywKoBQ.exe
2⤵
PID:5500

C:\Windows\System\hgzDBTZ.exe
C:\Windows\System\hgzDBTZ.exe
2⤵
PID:5536

C:\Windows\System\QCBSBWo.exe
C:\Windows\System\QCBSBWo.exe
2⤵
PID:5376

C:\Windows\System\qeIiSeW.exe
C:\Windows\System\qeIiSeW.exe
2⤵
PID:5700

C:\Windows\System\uVNmTEm.exe
C:\Windows\System\uVNmTEm.exe
2⤵
PID:5780

C:\Windows\System\mgqftyg.exe
C:\Windows\System\mgqftyg.exe
2⤵
PID:5304

C:\Windows\System\Wjkdvnk.exe
C:\Windows\System\Wjkdvnk.exe
2⤵
PID:5676

C:\Windows\System\WHXyrQA.exe
C:\Windows\System\WHXyrQA.exe
2⤵
PID:5412

C:\Windows\System\uFwXPmy.exe
C:\Windows\System\uFwXPmy.exe
2⤵
PID:5816

C:\Windows\System\qtHHLFa.exe
C:\Windows\System\qtHHLFa.exe
2⤵
PID:5880

C:\Windows\System\CvrfFEq.exe
C:\Windows\System\CvrfFEq.exe
2⤵
PID:5952

C:\Windows\System\HwlOAKw.exe
C:\Windows\System\HwlOAKw.exe
2⤵
PID:5336

C:\Windows\System\qiQicxw.exe
C:\Windows\System\qiQicxw.exe
2⤵
PID:5988

C:\Windows\System\bSSmGbq.exe
C:\Windows\System\bSSmGbq.exe
2⤵
PID:5968

C:\Windows\System\gUHaTSz.exe
C:\Windows\System\gUHaTSz.exe
2⤵
PID:5480

C:\Windows\System\cekLZLN.exe
C:\Windows\System\cekLZLN.exe
2⤵
PID:5596

C:\Windows\System\QGAAdAs.exe
C:\Windows\System\QGAAdAs.exe
2⤵
PID:5720

C:\Windows\System\hGMzsJB.exe
C:\Windows\System\hGMzsJB.exe
2⤵
PID:5760

C:\Windows\System\weWnnfz.exe
C:\Windows\System\weWnnfz.exe
2⤵
PID:5864

C:\Windows\System\UjsmRtm.exe
C:\Windows\System\UjsmRtm.exe
2⤵
PID:6004

C:\Windows\System\nMKdoGb.exe
C:\Windows\System\nMKdoGb.exe
2⤵
PID:6028

C:\Windows\System\OANHvWE.exe
C:\Windows\System\OANHvWE.exe
2⤵
PID:6064

C:\Windows\System\fDgjtKf.exe
C:\Windows\System\fDgjtKf.exe
2⤵
PID:6068

C:\Windows\System\nWqrXyn.exe
C:\Windows\System\nWqrXyn.exe
2⤵
PID:4328

C:\Windows\System\nAOeale.exe
C:\Windows\System\nAOeale.exe
2⤵
PID:4196

C:\Windows\System\RvEyicN.exe
C:\Windows\System\RvEyicN.exe
2⤵
PID:4824

C:\Windows\System\pwrFfXm.exe
C:\Windows\System\pwrFfXm.exe
2⤵
PID:6108

C:\Windows\System\JkhJvPd.exe
C:\Windows\System\JkhJvPd.exe
2⤵
PID:5224

C:\Windows\System\ekbBnfj.exe
C:\Windows\System\ekbBnfj.exe
2⤵
PID:5056

C:\Windows\System\QUsReeu.exe
C:\Windows\System\QUsReeu.exe
2⤵
PID:5496

C:\Windows\System\xArqCfM.exe
C:\Windows\System\xArqCfM.exe
2⤵
PID:5572

C:\Windows\System\bnpMjur.exe
C:\Windows\System\bnpMjur.exe
2⤵
PID:5532

C:\Windows\System\FwklQpG.exe
C:\Windows\System\FwklQpG.exe
2⤵
PID:5140

C:\Windows\System\vSqeqjN.exe
C:\Windows\System\vSqeqjN.exe
2⤵
PID:5268

C:\Windows\System\NFObQRJ.exe
C:\Windows\System\NFObQRJ.exe
2⤵
PID:5060

C:\Windows\System\foasZDr.exe
C:\Windows\System\foasZDr.exe
2⤵
PID:5784

C:\Windows\System\bCQfKNc.exe
C:\Windows\System\bCQfKNc.exe
2⤵
PID:5912

C:\Windows\System\deISosZ.exe
C:\Windows\System\deISosZ.exe
2⤵
PID:5404

C:\Windows\System\KTxrkZG.exe
C:\Windows\System\KTxrkZG.exe
2⤵
PID:5672

C:\Windows\System\aKHOKri.exe
C:\Windows\System\aKHOKri.exe
2⤵
PID:2124

C:\Windows\System\bvdqewo.exe
C:\Windows\System\bvdqewo.exe
2⤵
PID:6000

C:\Windows\System\sEXgodQ.exe
C:\Windows\System\sEXgodQ.exe
2⤵
PID:5640

C:\Windows\System\eVhsHKG.exe
C:\Windows\System\eVhsHKG.exe
2⤵
PID:5828

C:\Windows\System\QAWVHDk.exe
C:\Windows\System\QAWVHDk.exe
2⤵
PID:5756

C:\Windows\System\gdfIjUL.exe
C:\Windows\System\gdfIjUL.exe
2⤵
PID:5516

C:\Windows\System\ajQmfOu.exe
C:\Windows\System\ajQmfOu.exe
2⤵
PID:6052

C:\Windows\System\kcERais.exe
C:\Windows\System\kcERais.exe
2⤵
PID:4992

C:\Windows\System\pXHktLs.exe
C:\Windows\System\pXHktLs.exe
2⤵
PID:4332

C:\Windows\System\yavEjxZ.exe
C:\Windows\System\yavEjxZ.exe
2⤵
PID:5244

C:\Windows\System\CxBEjkC.exe
C:\Windows\System\CxBEjkC.exe
2⤵
PID:4896

C:\Windows\System\IqleQSc.exe
C:\Windows\System\IqleQSc.exe
2⤵
PID:5180

C:\Windows\System\PLuRbrK.exe
C:\Windows\System\PLuRbrK.exe
2⤵
PID:5184

C:\Windows\System\yjDpttS.exe
C:\Windows\System\yjDpttS.exe
2⤵
PID:5324

C:\Windows\System\xVslKjl.exe
C:\Windows\System\xVslKjl.exe
2⤵
PID:5212

C:\Windows\System\oWsbYmT.exe
C:\Windows\System\oWsbYmT.exe
2⤵
PID:5800

C:\Windows\System\rrYupir.exe
C:\Windows\System\rrYupir.exe
2⤵
PID:5408

C:\Windows\System\qCkkdmP.exe
C:\Windows\System\qCkkdmP.exe
2⤵
PID:5928

C:\Windows\System\GKSkivE.exe
C:\Windows\System\GKSkivE.exe
2⤵
PID:5556

C:\Windows\System\TlDxTmJ.exe
C:\Windows\System\TlDxTmJ.exe
2⤵
PID:4496

C:\Windows\System\kfCdkJK.exe
C:\Windows\System\kfCdkJK.exe
2⤵
PID:2584

C:\Windows\System\smJvPvg.exe
C:\Windows\System\smJvPvg.exe
2⤵
PID:6024

C:\Windows\System\yaOkeZh.exe
C:\Windows\System\yaOkeZh.exe
2⤵
PID:5176

C:\Windows\System\ULJbolo.exe
C:\Windows\System\ULJbolo.exe
2⤵
PID:5264

C:\Windows\System\ZlofcPJ.exe
C:\Windows\System\ZlofcPJ.exe
2⤵
PID:5172

C:\Windows\System\CboySou.exe
C:\Windows\System\CboySou.exe
2⤵
PID:5156

C:\Windows\System\fPmldvU.exe
C:\Windows\System\fPmldvU.exe
2⤵
PID:5464

C:\Windows\System\GcCvbea.exe
C:\Windows\System\GcCvbea.exe
2⤵
PID:5372

C:\Windows\System\DkPHJwI.exe
C:\Windows\System\DkPHJwI.exe
2⤵
PID:6008

C:\Windows\System\dhXPpLk.exe
C:\Windows\System\dhXPpLk.exe
2⤵
PID:5752

C:\Windows\System\xwSTcEb.exe
C:\Windows\System\xwSTcEb.exe
2⤵
PID:4460

C:\Windows\System\LYbcYbC.exe
C:\Windows\System\LYbcYbC.exe
2⤵
PID:5620

C:\Windows\System\EAHHbLD.exe
C:\Windows\System\EAHHbLD.exe
2⤵
PID:5808

C:\Windows\System\iqwNpFF.exe
C:\Windows\System\iqwNpFF.exe
2⤵
PID:5576

C:\Windows\System\JnIvonV.exe
C:\Windows\System\JnIvonV.exe
2⤵
PID:6128

C:\Windows\System\RTWWEWN.exe
C:\Windows\System\RTWWEWN.exe
2⤵
PID:6020

C:\Windows\System\cNZyMyO.exe
C:\Windows\System\cNZyMyO.exe
2⤵
PID:6072

C:\Windows\System\MmnqRIM.exe
C:\Windows\System\MmnqRIM.exe
2⤵
PID:5428

C:\Windows\System\nebyvVU.exe
C:\Windows\System\nebyvVU.exe
2⤵
PID:4456

C:\Windows\System\IEBtgRe.exe
C:\Windows\System\IEBtgRe.exe
2⤵
PID:5616

C:\Windows\System\nNGsqDU.exe
C:\Windows\System\nNGsqDU.exe
2⤵
PID:6156

C:\Windows\System\vzVweys.exe
C:\Windows\System\vzVweys.exe
2⤵
PID:6176

C:\Windows\System\uFJnnua.exe
C:\Windows\System\uFJnnua.exe
2⤵
PID:6196

C:\Windows\System\BUJOYtr.exe
C:\Windows\System\BUJOYtr.exe
2⤵
PID:6216

C:\Windows\System\nuRaTzT.exe
C:\Windows\System\nuRaTzT.exe
2⤵
PID:6240

C:\Windows\System\sCFPEWv.exe
C:\Windows\System\sCFPEWv.exe
2⤵
PID:6264

C:\Windows\System\YgKnVsJ.exe
C:\Windows\System\YgKnVsJ.exe
2⤵
PID:6284

C:\Windows\System\OMvUwYz.exe
C:\Windows\System\OMvUwYz.exe
2⤵
PID:6304

C:\Windows\System\eISvkJK.exe
C:\Windows\System\eISvkJK.exe
2⤵
PID:6324

C:\Windows\System\eThMgcM.exe
C:\Windows\System\eThMgcM.exe
2⤵
PID:6344

C:\Windows\System\HSYtHxz.exe
C:\Windows\System\HSYtHxz.exe
2⤵
PID:6364

C:\Windows\System\GiHAgJG.exe
C:\Windows\System\GiHAgJG.exe
2⤵
PID:6384

C:\Windows\System\ktqPZRU.exe
C:\Windows\System\ktqPZRU.exe
2⤵
PID:6404

C:\Windows\System\LTzLUfq.exe
C:\Windows\System\LTzLUfq.exe
2⤵
PID:6424

C:\Windows\System\HyXoWNT.exe
C:\Windows\System\HyXoWNT.exe
2⤵
PID:6444

C:\Windows\System\NcBjXPg.exe
C:\Windows\System\NcBjXPg.exe
2⤵
PID:6464

C:\Windows\System\SSOgoCe.exe
C:\Windows\System\SSOgoCe.exe
2⤵
PID:6484

C:\Windows\System\EBhlphG.exe
C:\Windows\System\EBhlphG.exe
2⤵
PID:6504

C:\Windows\System\aicBzsj.exe
C:\Windows\System\aicBzsj.exe
2⤵
PID:6524

C:\Windows\System\zYeuWvm.exe
C:\Windows\System\zYeuWvm.exe
2⤵
PID:6544

C:\Windows\System\iBLxoat.exe
C:\Windows\System\iBLxoat.exe
2⤵
PID:6564

C:\Windows\System\DxufKgn.exe
C:\Windows\System\DxufKgn.exe
2⤵
PID:6584

C:\Windows\System\uVYnrry.exe
C:\Windows\System\uVYnrry.exe
2⤵
PID:6604

C:\Windows\System\zGfUzAF.exe
C:\Windows\System\zGfUzAF.exe
2⤵
PID:6624

C:\Windows\System\UYVYTwJ.exe
C:\Windows\System\UYVYTwJ.exe
2⤵
PID:6644

C:\Windows\System\AJwWGZL.exe
C:\Windows\System\AJwWGZL.exe
2⤵
PID:6664

C:\Windows\System\huUfzjc.exe
C:\Windows\System\huUfzjc.exe
2⤵
PID:6684

C:\Windows\System\aIlSYby.exe
C:\Windows\System\aIlSYby.exe
2⤵
PID:6704

C:\Windows\System\Kilrsdx.exe
C:\Windows\System\Kilrsdx.exe
2⤵
PID:6724

C:\Windows\System\dtgBpQy.exe
C:\Windows\System\dtgBpQy.exe
2⤵
PID:6744

C:\Windows\System\zxroNTA.exe
C:\Windows\System\zxroNTA.exe
2⤵
PID:6764

C:\Windows\System\WoHwnlx.exe
C:\Windows\System\WoHwnlx.exe
2⤵
PID:6788

C:\Windows\System\icRQFPJ.exe
C:\Windows\System\icRQFPJ.exe
2⤵
PID:6808

C:\Windows\System\PTqTEIy.exe
C:\Windows\System\PTqTEIy.exe
2⤵
PID:6828

C:\Windows\System\PhEQDDW.exe
C:\Windows\System\PhEQDDW.exe
2⤵
PID:6844

C:\Windows\System\BgKqGyM.exe
C:\Windows\System\BgKqGyM.exe
2⤵
PID:6868

C:\Windows\System\hpgVhha.exe
C:\Windows\System\hpgVhha.exe
2⤵
PID:6888

C:\Windows\System\gAqyIcu.exe
C:\Windows\System\gAqyIcu.exe
2⤵
PID:6904

C:\Windows\System\BJCtkJU.exe
C:\Windows\System\BJCtkJU.exe
2⤵
PID:6924

C:\Windows\System\ItnuxvL.exe
C:\Windows\System\ItnuxvL.exe
2⤵
PID:6940

C:\Windows\System\mBbnnnq.exe
C:\Windows\System\mBbnnnq.exe
2⤵
PID:6960

C:\Windows\System\OSRkBbd.exe
C:\Windows\System\OSRkBbd.exe
2⤵
PID:6984

C:\Windows\System\STKWWPH.exe
C:\Windows\System\STKWWPH.exe
2⤵
PID:7004

C:\Windows\System\qpMPSnj.exe
C:\Windows\System\qpMPSnj.exe
2⤵
PID:7020

C:\Windows\System\AZNqrKh.exe
C:\Windows\System\AZNqrKh.exe
2⤵
PID:7044

C:\Windows\System\FldCwJv.exe
C:\Windows\System\FldCwJv.exe
2⤵
PID:7064

C:\Windows\System\uuQSkWe.exe
C:\Windows\System\uuQSkWe.exe
2⤵
PID:7088

C:\Windows\System\rmYnupK.exe
C:\Windows\System\rmYnupK.exe
2⤵
PID:7108

C:\Windows\System\qGmqQWR.exe
C:\Windows\System\qGmqQWR.exe
2⤵
PID:7128

C:\Windows\System\zHPyrIE.exe
C:\Windows\System\zHPyrIE.exe
2⤵
PID:7144

C:\Windows\System\eQuNHGt.exe
C:\Windows\System\eQuNHGt.exe
2⤵
PID:7164

C:\Windows\System\oLMrOKT.exe
C:\Windows\System\oLMrOKT.exe
2⤵
PID:4216

C:\Windows\System\RRKofQk.exe
C:\Windows\System\RRKofQk.exe
2⤵
PID:6212

C:\Windows\System\jCmjBhs.exe
C:\Windows\System\jCmjBhs.exe
2⤵
PID:6260

C:\Windows\System\pWIcPUX.exe
C:\Windows\System\pWIcPUX.exe
2⤵
PID:5716

C:\Windows\System\ultrycR.exe
C:\Windows\System\ultrycR.exe
2⤵
PID:6292

C:\Windows\System\WGbZlKM.exe
C:\Windows\System\WGbZlKM.exe
2⤵
PID:6276

C:\Windows\System\oOiyqsg.exe
C:\Windows\System\oOiyqsg.exe
2⤵
PID:6280

C:\Windows\System\jbaJSYS.exe
C:\Windows\System\jbaJSYS.exe
2⤵
PID:6316

C:\Windows\System\DUyPcmS.exe
C:\Windows\System\DUyPcmS.exe
2⤵
PID:6340

C:\Windows\System\iVPHDsf.exe
C:\Windows\System\iVPHDsf.exe
2⤵
PID:6356

C:\Windows\System\pfKZnJH.exe
C:\Windows\System\pfKZnJH.exe
2⤵
PID:6396

C:\Windows\System\sKJlnJi.exe
C:\Windows\System\sKJlnJi.exe
2⤵
PID:6420

C:\Windows\System\uHOZcUS.exe
C:\Windows\System\uHOZcUS.exe
2⤵
PID:6440

C:\Windows\System\aVEgpHn.exe
C:\Windows\System\aVEgpHn.exe
2⤵
PID:6492

C:\Windows\System\LkOHWiw.exe
C:\Windows\System\LkOHWiw.exe
2⤵
PID:6500

C:\Windows\System\URfYQPS.exe
C:\Windows\System\URfYQPS.exe
2⤵
PID:6532

C:\Windows\System\eaNPeCX.exe
C:\Windows\System\eaNPeCX.exe
2⤵
PID:6556

C:\Windows\System\EYZGRNV.exe
C:\Windows\System\EYZGRNV.exe
2⤵
PID:6580

C:\Windows\System\AKJDKUd.exe
C:\Windows\System\AKJDKUd.exe
2⤵
PID:6616

C:\Windows\System\GPuDfyz.exe
C:\Windows\System\GPuDfyz.exe
2⤵
PID:6740

C:\Windows\System\ecqJboP.exe
C:\Windows\System\ecqJboP.exe
2⤵
PID:6780

C:\Windows\System\tHCFbzZ.exe
C:\Windows\System\tHCFbzZ.exe
2⤵
PID:6804

C:\Windows\System\DVZJOIH.exe
C:\Windows\System\DVZJOIH.exe
2⤵
PID:6852

C:\Windows\System\imZKmxg.exe
C:\Windows\System\imZKmxg.exe
2⤵
PID:6864

C:\Windows\System\bClVaSR.exe
C:\Windows\System\bClVaSR.exe
2⤵
PID:6932

C:\Windows\System\sURWKNa.exe
C:\Windows\System\sURWKNa.exe
2⤵
PID:6880

C:\Windows\System\TEhsxev.exe
C:\Windows\System\TEhsxev.exe
2⤵
PID:6952

C:\Windows\System\EIwUuBF.exe
C:\Windows\System\EIwUuBF.exe
2⤵
PID:6920

C:\Windows\System\UaxXEcU.exe
C:\Windows\System\UaxXEcU.exe
2⤵
PID:7052

C:\Windows\System\ZeASroE.exe
C:\Windows\System\ZeASroE.exe
2⤵
PID:7040

C:\Windows\System\AQRyPqm.exe
C:\Windows\System\AQRyPqm.exe
2⤵
PID:7124

C:\Windows\System\UrWmNsM.exe
C:\Windows\System\UrWmNsM.exe
2⤵
PID:6168

C:\Windows\System\xLVTyrG.exe
C:\Windows\System\xLVTyrG.exe
2⤵
PID:7120

C:\Windows\System\nWvKLOi.exe
C:\Windows\System\nWvKLOi.exe
2⤵
PID:6336

C:\Windows\System\wdiCpVt.exe
C:\Windows\System\wdiCpVt.exe
2⤵
PID:6480

C:\Windows\System\NrUUVzd.exe
C:\Windows\System\NrUUVzd.exe
2⤵
PID:6600

C:\Windows\System\PkEJWIk.exe
C:\Windows\System\PkEJWIk.exe
2⤵
PID:6376

C:\Windows\System\WSXkpAO.exe
C:\Windows\System\WSXkpAO.exe
2⤵
PID:6560

C:\Windows\System\mbmqmvw.exe
C:\Windows\System\mbmqmvw.exe
2⤵
PID:6224

C:\Windows\System\FIudQgn.exe
C:\Windows\System\FIudQgn.exe
2⤵
PID:7160

C:\Windows\System\fLlerPN.exe
C:\Windows\System\fLlerPN.exe
2⤵
PID:6312

C:\Windows\System\FAriJds.exe
C:\Windows\System\FAriJds.exe
2⤵
PID:6632

C:\Windows\System\aTxxMLd.exe
C:\Windows\System\aTxxMLd.exe
2⤵
PID:1560

C:\Windows\System\tLhFnGn.exe
C:\Windows\System\tLhFnGn.exe
2⤵
PID:6676

C:\Windows\System\zvJALSL.exe
C:\Windows\System\zvJALSL.exe
2⤵
PID:6712

C:\Windows\System\aSkHavN.exe
C:\Windows\System\aSkHavN.exe
2⤵
PID:6752

C:\Windows\System\eXcvQYl.exe
C:\Windows\System\eXcvQYl.exe
2⤵
PID:6996

C:\Windows\System\QdFnJNR.exe
C:\Windows\System\QdFnJNR.exe
2⤵
PID:7076

C:\Windows\System\FmUhBAH.exe
C:\Windows\System\FmUhBAH.exe
2⤵
PID:7028

C:\Windows\System\AeOFqwa.exe
C:\Windows\System\AeOFqwa.exe
2⤵
PID:6968

C:\Windows\System\nibScvy.exe
C:\Windows\System\nibScvy.exe
2⤵
PID:7000

C:\Windows\System\TUcZKUl.exe
C:\Windows\System\TUcZKUl.exe
2⤵
PID:5548

C:\Windows\System\dKZRuVT.exe
C:\Windows\System\dKZRuVT.exe
2⤵
PID:6372

C:\Windows\System\stFinzv.exe
C:\Windows\System\stFinzv.exe
2⤵
PID:6188

C:\Windows\System\oaJkAKp.exe
C:\Windows\System\oaJkAKp.exe
2⤵
PID:6700

C:\Windows\System\KyMOjvG.exe
C:\Windows\System\KyMOjvG.exe
2⤵
PID:6760

C:\Windows\System\gzFnPMb.exe
C:\Windows\System\gzFnPMb.exe
2⤵
PID:6672

C:\Windows\System\YmMXudI.exe
C:\Windows\System\YmMXudI.exe
2⤵
PID:6400

C:\Windows\System\ciUYfVn.exe
C:\Windows\System\ciUYfVn.exe
2⤵
PID:6320

C:\Windows\System\HRVvKZk.exe
C:\Windows\System\HRVvKZk.exe
2⤵
PID:6416

C:\Windows\System\YDtPHXE.exe
C:\Windows\System\YDtPHXE.exe
2⤵
PID:5944

C:\Windows\System\SgQYeod.exe
C:\Windows\System\SgQYeod.exe
2⤵
PID:7072

C:\Windows\System\miYDYpu.exe
C:\Windows\System\miYDYpu.exe
2⤵
PID:7016

C:\Windows\System\odPDCTB.exe
C:\Windows\System\odPDCTB.exe
2⤵
PID:7036

C:\Windows\System\lfmZiUq.exe
C:\Windows\System\lfmZiUq.exe
2⤵
PID:6596

C:\Windows\System\MpCJeoo.exe
C:\Windows\System\MpCJeoo.exe
2⤵
PID:6300

C:\Windows\System\RJplCGz.exe
C:\Windows\System\RJplCGz.exe
2⤵
PID:6980

C:\Windows\System\jcZFRYb.exe
C:\Windows\System\jcZFRYb.exe
2⤵
PID:6236

C:\Windows\System\mAxXmGB.exe
C:\Windows\System\mAxXmGB.exe
2⤵
PID:6048

C:\Windows\System\IMAuEwF.exe
C:\Windows\System\IMAuEwF.exe
2⤵
PID:6540

C:\Windows\System\rZvcoBZ.exe
C:\Windows\System\rZvcoBZ.exe
2⤵
PID:6472

C:\Windows\System\RkAOJZC.exe
C:\Windows\System\RkAOJZC.exe
2⤵
PID:5812

C:\Windows\System\VyqyRGm.exe
C:\Windows\System\VyqyRGm.exe
2⤵
PID:7084

C:\Windows\System\DHUsqiO.exe
C:\Windows\System\DHUsqiO.exe
2⤵
PID:6460

C:\Windows\System\qZyCTlk.exe
C:\Windows\System\qZyCTlk.exe
2⤵
PID:6900

C:\Windows\System\zEHsOOO.exe
C:\Windows\System\zEHsOOO.exe
2⤵
PID:6552

C:\Windows\System\xedgsxO.exe
C:\Windows\System\xedgsxO.exe
2⤵
PID:7136

C:\Windows\System\odkOFaf.exe
C:\Windows\System\odkOFaf.exe
2⤵
PID:7080

C:\Windows\System\sgVOSeR.exe
C:\Windows\System\sgVOSeR.exe
2⤵
PID:6720

C:\Windows\System\AuyQXzF.exe
C:\Windows\System\AuyQXzF.exe
2⤵
PID:6192

C:\Windows\System\XhlXrXd.exe
C:\Windows\System\XhlXrXd.exe
2⤵
PID:7196

C:\Windows\System\mFTqOVr.exe
C:\Windows\System\mFTqOVr.exe
2⤵
PID:7212

C:\Windows\System\YaueGyd.exe
C:\Windows\System\YaueGyd.exe
2⤵
PID:7228

C:\Windows\System\bqgTwCV.exe
C:\Windows\System\bqgTwCV.exe
2⤵
PID:7244

C:\Windows\System\wrnnaII.exe
C:\Windows\System\wrnnaII.exe
2⤵
PID:7280

C:\Windows\System\bvPJwNS.exe
C:\Windows\System\bvPJwNS.exe
2⤵
PID:7296

C:\Windows\System\xClrrtr.exe
C:\Windows\System\xClrrtr.exe
2⤵
PID:7312

C:\Windows\System\ckKRClc.exe
C:\Windows\System\ckKRClc.exe
2⤵
PID:7328

C:\Windows\System\fSGdGmy.exe
C:\Windows\System\fSGdGmy.exe
2⤵
PID:7344

C:\Windows\System\tvOpjNi.exe
C:\Windows\System\tvOpjNi.exe
2⤵
PID:7360

C:\Windows\System\ilTqtgD.exe
C:\Windows\System\ilTqtgD.exe
2⤵
PID:7384

C:\Windows\System\eIEvqKw.exe
C:\Windows\System\eIEvqKw.exe
2⤵
PID:7404

C:\Windows\System\nbwAZuo.exe
C:\Windows\System\nbwAZuo.exe
2⤵
PID:7424

C:\Windows\System\XTSXgOE.exe
C:\Windows\System\XTSXgOE.exe
2⤵
PID:7440

C:\Windows\System\iTwakrb.exe
C:\Windows\System\iTwakrb.exe
2⤵
PID:7456

C:\Windows\System\ZSwBNLz.exe
C:\Windows\System\ZSwBNLz.exe
2⤵
PID:7472

C:\Windows\System\iYuKXLp.exe
C:\Windows\System\iYuKXLp.exe
2⤵
PID:7492

C:\Windows\System\NGhHlTd.exe
C:\Windows\System\NGhHlTd.exe
2⤵
PID:7512

C:\Windows\System\IiZrRaN.exe
C:\Windows\System\IiZrRaN.exe
2⤵
PID:7532

C:\Windows\System\CgSdbsz.exe
C:\Windows\System\CgSdbsz.exe
2⤵
PID:7548

C:\Windows\System\ANobFAE.exe
C:\Windows\System\ANobFAE.exe
2⤵
PID:7568

C:\Windows\System\jNOFJIl.exe
C:\Windows\System\jNOFJIl.exe
2⤵
PID:7588

C:\Windows\System\CIGRdCo.exe
C:\Windows\System\CIGRdCo.exe
2⤵
PID:7604

C:\Windows\System\lExxGQU.exe
C:\Windows\System\lExxGQU.exe
2⤵
PID:7624

C:\Windows\System\rUigPWq.exe
C:\Windows\System\rUigPWq.exe
2⤵
PID:7640

C:\Windows\System\mwnduCi.exe
C:\Windows\System\mwnduCi.exe
2⤵
PID:7656

C:\Windows\System\zCcflsl.exe
C:\Windows\System\zCcflsl.exe
2⤵
PID:7676

C:\Windows\System\MviCkFO.exe
C:\Windows\System\MviCkFO.exe
2⤵
PID:7692

C:\Windows\System\JNNTbzi.exe
C:\Windows\System\JNNTbzi.exe
2⤵
PID:7708

C:\Windows\System\iGrAtlX.exe
C:\Windows\System\iGrAtlX.exe
2⤵
PID:7724

C:\Windows\System\CzoyIZQ.exe
C:\Windows\System\CzoyIZQ.exe
2⤵
PID:7740

C:\Windows\System\lievNrH.exe
C:\Windows\System\lievNrH.exe
2⤵
PID:7756

C:\Windows\System\CeHlaWA.exe
C:\Windows\System\CeHlaWA.exe
2⤵
PID:7776

C:\Windows\System\dHJRHYG.exe
C:\Windows\System\dHJRHYG.exe
2⤵
PID:7796

C:\Windows\System\IBojfsr.exe
C:\Windows\System\IBojfsr.exe
2⤵
PID:7816

C:\Windows\System\martvoB.exe
C:\Windows\System\martvoB.exe
2⤵
PID:7832

C:\Windows\System\fTZRroI.exe
C:\Windows\System\fTZRroI.exe
2⤵
PID:7848

C:\Windows\System\DJFTFmg.exe
C:\Windows\System\DJFTFmg.exe
2⤵
PID:7876

C:\Windows\System\DoQUbBZ.exe
C:\Windows\System\DoQUbBZ.exe
2⤵
PID:7896

C:\Windows\System\iCpMuyz.exe
C:\Windows\System\iCpMuyz.exe
2⤵
PID:7928

C:\Windows\System\emjmWIW.exe
C:\Windows\System\emjmWIW.exe
2⤵
PID:7952

C:\Windows\System\TeoIFww.exe
C:\Windows\System\TeoIFww.exe
2⤵
PID:7968

C:\Windows\System\godTjFP.exe
C:\Windows\System\godTjFP.exe
2⤵
PID:7984

C:\Windows\System\izggLEb.exe
C:\Windows\System\izggLEb.exe
2⤵
PID:8000

C:\Windows\System\OkpcANP.exe
C:\Windows\System\OkpcANP.exe
2⤵
PID:8016

C:\Windows\System\isXfRRD.exe
C:\Windows\System\isXfRRD.exe
2⤵
PID:8032

C:\Windows\System\jwwTdIh.exe
C:\Windows\System\jwwTdIh.exe
2⤵
PID:8048

C:\Windows\System\FwITTAf.exe
C:\Windows\System\FwITTAf.exe
2⤵
PID:8064

C:\Windows\System\nJdJdak.exe
C:\Windows\System\nJdJdak.exe
2⤵
PID:8080

C:\Windows\System\qweOcOp.exe
C:\Windows\System\qweOcOp.exe
2⤵
PID:8096

C:\Windows\System\XYOFpyw.exe
C:\Windows\System\XYOFpyw.exe
2⤵
PID:8116

C:\Windows\System\fIQCnGY.exe
C:\Windows\System\fIQCnGY.exe
2⤵
PID:8132

C:\Windows\System\EeVyvCh.exe
C:\Windows\System\EeVyvCh.exe
2⤵
PID:8148

C:\Windows\System\dcKhRdE.exe
C:\Windows\System\dcKhRdE.exe
2⤵
PID:8164

C:\Windows\System\AvLqcPW.exe
C:\Windows\System\AvLqcPW.exe
2⤵
PID:8180

C:\Windows\System\bvbZvkp.exe
C:\Windows\System\bvbZvkp.exe
2⤵
PID:7180

C:\Windows\System\Phsbpsk.exe
C:\Windows\System\Phsbpsk.exe
2⤵
PID:7208

C:\Windows\System\UZkVdWB.exe
C:\Windows\System\UZkVdWB.exe
2⤵
PID:7556

C:\Windows\System\ukXltVk.exe
C:\Windows\System\ukXltVk.exe
2⤵
PID:7600

C:\Windows\System\gynXxXl.exe
C:\Windows\System\gynXxXl.exe
2⤵
PID:7288

C:\Windows\System\uHqsvrr.exe
C:\Windows\System\uHqsvrr.exe
2⤵
PID:7392

C:\Windows\System\KLTenIn.exe
C:\Windows\System\KLTenIn.exe
2⤵
PID:7396

C:\Windows\System\PPqSVIW.exe
C:\Windows\System\PPqSVIW.exe
2⤵
PID:7468

C:\Windows\System\hcdBHNi.exe
C:\Windows\System\hcdBHNi.exe
2⤵
PID:7544

C:\Windows\System\nuiwwux.exe
C:\Windows\System\nuiwwux.exe
2⤵
PID:7612

C:\Windows\System\hRwKHmq.exe
C:\Windows\System\hRwKHmq.exe
2⤵
PID:7652

C:\Windows\System\Egkivrs.exe
C:\Windows\System\Egkivrs.exe
2⤵
PID:7668

C:\Windows\System\dnxrNTh.exe
C:\Windows\System\dnxrNTh.exe
2⤵
PID:7704

C:\Windows\System\jdbcECN.exe
C:\Windows\System\jdbcECN.exe
2⤵
PID:7716

C:\Windows\System\iMNgalh.exe
C:\Windows\System\iMNgalh.exe
2⤵
PID:7772

C:\Windows\System\mqDhwjr.exe
C:\Windows\System\mqDhwjr.exe
2⤵
PID:7840

C:\Windows\System\mOInDra.exe
C:\Windows\System\mOInDra.exe
2⤵
PID:7792

C:\Windows\System\vbEHEuq.exe
C:\Windows\System\vbEHEuq.exe
2⤵
PID:7884

C:\Windows\System\VNCwMvW.exe
C:\Windows\System\VNCwMvW.exe
2⤵
PID:7980

C:\Windows\System\eIquKFS.exe
C:\Windows\System\eIquKFS.exe
2⤵
PID:8140

C:\Windows\System\iczKJwf.exe
C:\Windows\System\iczKJwf.exe
2⤵
PID:7904

C:\Windows\System\djtomRF.exe
C:\Windows\System\djtomRF.exe
2⤵
PID:8060

C:\Windows\System\VVFVKyf.exe
C:\Windows\System\VVFVKyf.exe
2⤵
PID:7996

C:\Windows\System\KJJTQGt.exe
C:\Windows\System\KJJTQGt.exe
2⤵
PID:8188

C:\Windows\System\HBUqjKV.exe
C:\Windows\System\HBUqjKV.exe
2⤵
PID:8160

C:\Windows\System\vavHKzW.exe
C:\Windows\System\vavHKzW.exe
2⤵
PID:7192

C:\Windows\System\qFeczps.exe
C:\Windows\System\qFeczps.exe
2⤵
PID:7220

C:\Windows\System\PEueiKU.exe
C:\Windows\System\PEueiKU.exe
2⤵
PID:7268

C:\Windows\System\xQLaBmz.exe
C:\Windows\System\xQLaBmz.exe
2⤵
PID:7304

C:\Windows\System\jNvoDSA.exe
C:\Windows\System\jNvoDSA.exe
2⤵
PID:7372

C:\Windows\System\UKGtbCI.exe
C:\Windows\System\UKGtbCI.exe
2⤵
PID:7420

C:\Windows\System\YIdJzXu.exe
C:\Windows\System\YIdJzXu.exe
2⤵
PID:7596

C:\Windows\System\ABUayLk.exe
C:\Windows\System\ABUayLk.exe
2⤵
PID:7580

C:\Windows\System\mxvstEB.exe
C:\Windows\System\mxvstEB.exe
2⤵
PID:7736

C:\Windows\System\BAGIrka.exe
C:\Windows\System\BAGIrka.exe
2⤵
PID:7804

C:\Windows\System\jRjDDdh.exe
C:\Windows\System\jRjDDdh.exe
2⤵
PID:7488

C:\Windows\System\KiJgNFj.exe
C:\Windows\System\KiJgNFj.exe
2⤵
PID:7636

C:\Windows\System\lOAPqlZ.exe
C:\Windows\System\lOAPqlZ.exe
2⤵
PID:7504

C:\Windows\System\myEXWDs.exe
C:\Windows\System\myEXWDs.exe
2⤵
PID:7700

C:\Windows\System\oRHiLrM.exe
C:\Windows\System\oRHiLrM.exe
2⤵
PID:7788

C:\Windows\System\lNnqejM.exe
C:\Windows\System\lNnqejM.exe
2⤵
PID:7892

C:\Windows\System\pfecZzI.exe
C:\Windows\System\pfecZzI.exe
2⤵
PID:7916

C:\Windows\System\cHgxwCv.exe
C:\Windows\System\cHgxwCv.exe
2⤵
PID:6696

C:\Windows\System\mGFnPtw.exe
C:\Windows\System\mGFnPtw.exe
2⤵
PID:8024

C:\Windows\System\TnudwdH.exe
C:\Windows\System\TnudwdH.exe
2⤵
PID:7252

C:\Windows\System\IvQEPVa.exe
C:\Windows\System\IvQEPVa.exe
2⤵
PID:7452

C:\Windows\System\ovtDMAm.exe
C:\Windows\System\ovtDMAm.exe
2⤵
PID:5712

C:\Windows\System\ASmsyCR.exe
C:\Windows\System\ASmsyCR.exe
2⤵
PID:7352

C:\Windows\System\OvIZycW.exe
C:\Windows\System\OvIZycW.exe
2⤵
PID:7380

C:\Windows\System\ASyLvLn.exe
C:\Windows\System\ASyLvLn.exe
2⤵
PID:8040

C:\Windows\System\jWsxjMV.exe
C:\Windows\System\jWsxjMV.exe
2⤵
PID:7528

C:\Windows\System\zcyMlYF.exe
C:\Windows\System\zcyMlYF.exe
2⤵
PID:7856

C:\Windows\System\joaOYVK.exe
C:\Windows\System\joaOYVK.exe
2⤵
PID:7944

C:\Windows\System\nIzxoZf.exe
C:\Windows\System\nIzxoZf.exe
2⤵
PID:7908

C:\Windows\System\CleduKn.exe
C:\Windows\System\CleduKn.exe
2⤵
PID:8104

C:\Windows\System\WpPgFzN.exe
C:\Windows\System\WpPgFzN.exe
2⤵
PID:7764

C:\Windows\System\yUBaNkd.exe
C:\Windows\System\yUBaNkd.exe
2⤵
PID:7948

C:\Windows\System\HvkDtmY.exe
C:\Windows\System\HvkDtmY.exe
2⤵
PID:8012

C:\Windows\System\NDgLRcO.exe
C:\Windows\System\NDgLRcO.exe
2⤵
PID:7484

C:\Windows\System\cJOjJyE.exe
C:\Windows\System\cJOjJyE.exe
2⤵
PID:7808

C:\Windows\System\gQuAJkO.exe
C:\Windows\System\gQuAJkO.exe
2⤵
PID:7868

C:\Windows\System\wQOJDqK.exe
C:\Windows\System\wQOJDqK.exe
2⤵
PID:8076

C:\Windows\System\qJEenpZ.exe
C:\Windows\System\qJEenpZ.exe
2⤵
PID:8124

C:\Windows\System\KdVMJCz.exe
C:\Windows\System\KdVMJCz.exe
2⤵
PID:7324

C:\Windows\System\xWfmuHy.exe
C:\Windows\System\xWfmuHy.exe
2⤵
PID:7224

C:\Windows\System\ERVaOyl.exe
C:\Windows\System\ERVaOyl.exe
2⤵
PID:7416

C:\Windows\System\smCmTaZ.exe
C:\Windows\System\smCmTaZ.exe
2⤵
PID:7508

C:\Windows\System\yRUucXr.exe
C:\Windows\System\yRUucXr.exe
2⤵
PID:7672

C:\Windows\System\WbZHoyi.exe
C:\Windows\System\WbZHoyi.exe
2⤵
PID:7524

C:\Windows\System\tIuwzCV.exe
C:\Windows\System\tIuwzCV.exe
2⤵
PID:7340

C:\Windows\System\TussulV.exe
C:\Windows\System\TussulV.exe
2⤵
PID:7260

C:\Windows\System\opripDE.exe
C:\Windows\System\opripDE.exe
2⤵
PID:7648

C:\Windows\System\JrtlRre.exe
C:\Windows\System\JrtlRre.exe
2⤵
PID:8204

C:\Windows\System\ubjIggw.exe
C:\Windows\System\ubjIggw.exe
2⤵
PID:8220

C:\Windows\System\rksiDgO.exe
C:\Windows\System\rksiDgO.exe
2⤵
PID:8240

C:\Windows\System\zDitiYe.exe
C:\Windows\System\zDitiYe.exe
2⤵
PID:8268

C:\Windows\System\IctsOwc.exe
C:\Windows\System\IctsOwc.exe
2⤵
PID:8284

C:\Windows\System\wDNKqND.exe
C:\Windows\System\wDNKqND.exe
2⤵
PID:8304

C:\Windows\System\vKDsupD.exe
C:\Windows\System\vKDsupD.exe
2⤵
PID:8328

C:\Windows\System\vZQzcmr.exe
C:\Windows\System\vZQzcmr.exe
2⤵
PID:8348

C:\Windows\System\vmfuzxH.exe
C:\Windows\System\vmfuzxH.exe
2⤵
PID:8368

C:\Windows\System\uanWvIt.exe
C:\Windows\System\uanWvIt.exe
2⤵
PID:8384

C:\Windows\System\NuRDcyH.exe
C:\Windows\System\NuRDcyH.exe
2⤵
PID:8412

C:\Windows\System\RQZBFqw.exe
C:\Windows\System\RQZBFqw.exe
2⤵
PID:8428

C:\Windows\System\gHwycHq.exe
C:\Windows\System\gHwycHq.exe
2⤵
PID:8448

C:\Windows\System\EDpVKtn.exe
C:\Windows\System\EDpVKtn.exe
2⤵
PID:8468

C:\Windows\System\qYdqGOB.exe
C:\Windows\System\qYdqGOB.exe
2⤵
PID:8488

C:\Windows\System\zNBQULf.exe
C:\Windows\System\zNBQULf.exe
2⤵
PID:8508

C:\Windows\System\EyECGEW.exe
C:\Windows\System\EyECGEW.exe
2⤵
PID:8532

C:\Windows\System\wIVunxS.exe
C:\Windows\System\wIVunxS.exe
2⤵
PID:8548

C:\Windows\System\bbdykEX.exe
C:\Windows\System\bbdykEX.exe
2⤵
PID:8568

C:\Windows\System\unbDFlW.exe
C:\Windows\System\unbDFlW.exe
2⤵
PID:8584

C:\Windows\System\RwGzDFX.exe
C:\Windows\System\RwGzDFX.exe
2⤵
PID:8604

C:\Windows\System\LQkSxmR.exe
C:\Windows\System\LQkSxmR.exe
2⤵
PID:8620

C:\Windows\System\NTnjWgw.exe
C:\Windows\System\NTnjWgw.exe
2⤵
PID:8636

C:\Windows\System\DfOVygw.exe
C:\Windows\System\DfOVygw.exe
2⤵
PID:8652

C:\Windows\System\YfwKgBH.exe
C:\Windows\System\YfwKgBH.exe
2⤵
PID:8668

C:\Windows\System\aYtqJqQ.exe
C:\Windows\System\aYtqJqQ.exe
2⤵
PID:8684

C:\Windows\System\FGjHjvW.exe
C:\Windows\System\FGjHjvW.exe
2⤵
PID:8704

C:\Windows\System\vqCdvqz.exe
C:\Windows\System\vqCdvqz.exe
2⤵
PID:8720

C:\Windows\System\pVzJmjf.exe
C:\Windows\System\pVzJmjf.exe
2⤵
PID:8740

C:\Windows\System\euSbdFN.exe
C:\Windows\System\euSbdFN.exe
2⤵
PID:8760

C:\Windows\System\pUwAszn.exe
C:\Windows\System\pUwAszn.exe
2⤵
PID:8784

C:\Windows\System\MXxGajU.exe
C:\Windows\System\MXxGajU.exe
2⤵
PID:8812

C:\Windows\System\RtBXcyT.exe
C:\Windows\System\RtBXcyT.exe
2⤵
PID:8828

C:\Windows\System\tyWtNLK.exe
C:\Windows\System\tyWtNLK.exe
2⤵
PID:8848

C:\Windows\System\ApVtsUB.exe
C:\Windows\System\ApVtsUB.exe
2⤵
PID:8864

C:\Windows\System\vjosgsH.exe
C:\Windows\System\vjosgsH.exe
2⤵
PID:8880

C:\Windows\System\BjLisYN.exe
C:\Windows\System\BjLisYN.exe
2⤵
PID:8900

C:\Windows\System\ZiOcaeU.exe
C:\Windows\System\ZiOcaeU.exe
2⤵
PID:8920

C:\Windows\System\qulIUlM.exe
C:\Windows\System\qulIUlM.exe
2⤵
PID:8944

C:\Windows\System\zDWowMi.exe
C:\Windows\System\zDWowMi.exe
2⤵
PID:8960

C:\Windows\System\BxbnwZI.exe
C:\Windows\System\BxbnwZI.exe
2⤵
PID:8980

C:\Windows\System\hvphpJv.exe
C:\Windows\System\hvphpJv.exe
2⤵
PID:9000

C:\Windows\System\EAKSpeS.exe
C:\Windows\System\EAKSpeS.exe
2⤵
PID:9016

C:\Windows\System\OAvsdSC.exe
C:\Windows\System\OAvsdSC.exe
2⤵
PID:9032

C:\Windows\System\Fgrzorq.exe
C:\Windows\System\Fgrzorq.exe
2⤵
PID:9052

C:\Windows\System\IrlSgaT.exe
C:\Windows\System\IrlSgaT.exe
2⤵
PID:9068

C:\Windows\System\VbuwtRi.exe
C:\Windows\System\VbuwtRi.exe
2⤵
PID:9092

C:\Windows\System\GqMpJQa.exe
C:\Windows\System\GqMpJQa.exe
2⤵
PID:9108

C:\Windows\System\rVAmpcA.exe
C:\Windows\System\rVAmpcA.exe
2⤵
PID:9128

C:\Windows\System\cSsEWej.exe
C:\Windows\System\cSsEWej.exe
2⤵
PID:9152

C:\Windows\System\RsZwuUU.exe
C:\Windows\System\RsZwuUU.exe
2⤵
PID:9168

C:\Windows\System\pWMrfwD.exe
C:\Windows\System\pWMrfwD.exe
2⤵
PID:9184

C:\Windows\System\PjvlqgA.exe
C:\Windows\System\PjvlqgA.exe
2⤵
PID:9204

C:\Windows\System\dBeZGAv.exe
C:\Windows\System\dBeZGAv.exe
2⤵
PID:8200

C:\Windows\System\qILVsYV.exe
C:\Windows\System\qILVsYV.exe
2⤵
PID:8260

C:\Windows\System\SNiaJqu.exe
C:\Windows\System\SNiaJqu.exe
2⤵
PID:8280

C:\Windows\System\aaDdGBm.exe
C:\Windows\System\aaDdGBm.exe
2⤵
PID:8336

C:\Windows\System\luwwEjF.exe
C:\Windows\System\luwwEjF.exe
2⤵
PID:8340

C:\Windows\System\tnPzNgh.exe
C:\Windows\System\tnPzNgh.exe
2⤵
PID:7976

C:\Windows\System\eCVptJQ.exe
C:\Windows\System\eCVptJQ.exe
2⤵
PID:8420

C:\Windows\System\mvvvLTH.exe
C:\Windows\System\mvvvLTH.exe
2⤵
PID:8444

C:\Windows\System\FANQNaX.exe
C:\Windows\System\FANQNaX.exe
2⤵
PID:8480

C:\Windows\System\suZcnBi.exe
C:\Windows\System\suZcnBi.exe
2⤵
PID:8500

C:\Windows\System\jCamATP.exe
C:\Windows\System\jCamATP.exe
2⤵
PID:8580

C:\Windows\System\tHJncgg.exe
C:\Windows\System\tHJncgg.exe
2⤵
PID:8676

C:\Windows\System\dOuqRGy.exe
C:\Windows\System\dOuqRGy.exe
2⤵
PID:8800

C:\Windows\System\yXGLHnO.exe
C:\Windows\System\yXGLHnO.exe
2⤵
PID:8876

C:\Windows\System\iHstmjX.exe
C:\Windows\System\iHstmjX.exe
2⤵
PID:8916

C:\Windows\System\OkfAGsB.exe
C:\Windows\System\OkfAGsB.exe
2⤵
PID:8996

C:\Windows\System\frevwFy.exe
C:\Windows\System\frevwFy.exe
2⤵
PID:9100

C:\Windows\System\JGiLXwE.exe
C:\Windows\System\JGiLXwE.exe
2⤵
PID:9176

C:\Windows\System\nzsBEnh.exe
C:\Windows\System\nzsBEnh.exe
2⤵
PID:9212

C:\Windows\System\kSOUYtL.exe
C:\Windows\System\kSOUYtL.exe
2⤵
PID:8696

C:\Windows\System\xFzoUKe.exe
C:\Windows\System\xFzoUKe.exe
2⤵
PID:8556

C:\Windows\System\siPWcit.exe
C:\Windows\System\siPWcit.exe
2⤵
PID:8780

C:\Windows\System\XUhaVNY.exe
C:\Windows\System\XUhaVNY.exe
2⤵
PID:8888

C:\Windows\System\zUsqmoC.exe
C:\Windows\System\zUsqmoC.exe
2⤵
PID:8460

C:\Windows\System\YiXOGXm.exe
C:\Windows\System\YiXOGXm.exe
2⤵
PID:8976

C:\Windows\System\foxsLpW.exe
C:\Windows\System\foxsLpW.exe
2⤵
PID:8544

C:\Windows\System\qJAsAIK.exe
C:\Windows\System\qJAsAIK.exe
2⤵
PID:9200

C:\Windows\System\QDRbzsR.exe
C:\Windows\System\QDRbzsR.exe
2⤵
PID:8912

C:\Windows\System\AVrYOiM.exe
C:\Windows\System\AVrYOiM.exe
2⤵
PID:9064

C:\Windows\System\rETrZoQ.exe
C:\Windows\System\rETrZoQ.exe
2⤵
PID:8732

C:\Windows\System\FDpeOTm.exe
C:\Windows\System\FDpeOTm.exe
2⤵
PID:8736

C:\Windows\System\OegBAdn.exe
C:\Windows\System\OegBAdn.exe
2⤵
PID:9120

C:\Windows\System\eqDbqqT.exe
C:\Windows\System\eqDbqqT.exe
2⤵
PID:9164

C:\Windows\System\FqQLTUg.exe
C:\Windows\System\FqQLTUg.exe
2⤵
PID:8232

C:\Windows\System\INaugzu.exe
C:\Windows\System\INaugzu.exe
2⤵
PID:8236

C:\Windows\System\WOwcwHg.exe
C:\Windows\System\WOwcwHg.exe
2⤵
PID:8860

C:\Windows\System\AcwzKal.exe
C:\Windows\System\AcwzKal.exe
2⤵
PID:7844

C:\Windows\System\rMbiLUO.exe
C:\Windows\System\rMbiLUO.exe
2⤵
PID:8300

C:\Windows\System\GpORtdk.exe
C:\Windows\System\GpORtdk.exe
2⤵
PID:9048

C:\Windows\System\paoLOiB.exe
C:\Windows\System\paoLOiB.exe
2⤵
PID:996

C:\Windows\System\BiOnoZK.exe
C:\Windows\System\BiOnoZK.exe
2⤵
PID:8928

C:\Windows\System\MSCnAzl.exe
C:\Windows\System\MSCnAzl.exe
2⤵
PID:8256

C:\Windows\System\xUdOFXJ.exe
C:\Windows\System\xUdOFXJ.exe
2⤵
PID:8360

C:\Windows\System\ZWYeRdp.exe
C:\Windows\System\ZWYeRdp.exe
2⤵
PID:8516

C:\Windows\System\oRKYfiX.exe
C:\Windows\System\oRKYfiX.exe
2⤵
PID:8716

C:\Windows\System\OjcaQIX.exe
C:\Windows\System\OjcaQIX.exe
2⤵
PID:8988

C:\Windows\System\HuTgjrZ.exe
C:\Windows\System\HuTgjrZ.exe
2⤵
PID:8564

C:\Windows\System\RyemYPc.exe
C:\Windows\System\RyemYPc.exe
2⤵
PID:8396

C:\Windows\System\ZomIeZf.exe
C:\Windows\System\ZomIeZf.exe
2⤵
PID:8540

C:\Windows\System\Lujszmc.exe
C:\Windows\System\Lujszmc.exe
2⤵
PID:8856

C:\Windows\System\nvtwWXo.exe
C:\Windows\System\nvtwWXo.exe
2⤵
PID:8756

C:\Windows\System\sNiIkRB.exe
C:\Windows\System\sNiIkRB.exe
2⤵
PID:8824

C:\Windows\System\SRBapTy.exe
C:\Windows\System\SRBapTy.exe
2⤵
PID:8316

C:\Windows\System\sWDTHAH.exe
C:\Windows\System\sWDTHAH.exe
2⤵
PID:9040

C:\Windows\System\wReqqjZ.exe
C:\Windows\System\wReqqjZ.exe
2⤵
PID:8312

C:\Windows\System\tMGJUeT.exe
C:\Windows\System\tMGJUeT.exe
2⤵
PID:8940

C:\Windows\System\UmwHbAT.exe
C:\Windows\System\UmwHbAT.exe
2⤵
PID:8276

C:\Windows\System\cuHuRkI.exe
C:\Windows\System\cuHuRkI.exe
2⤵
PID:8748

C:\Windows\System\XRAOlWL.exe
C:\Windows\System\XRAOlWL.exe
2⤵
PID:9088

C:\Windows\System\onHljGn.exe
C:\Windows\System\onHljGn.exe
2⤵
PID:9236

C:\Windows\System\wPdGtRR.exe
C:\Windows\System\wPdGtRR.exe
2⤵
PID:9268

C:\Windows\System\EJEWjVP.exe
C:\Windows\System\EJEWjVP.exe
2⤵
PID:9284

C:\Windows\System\aRKFvSB.exe
C:\Windows\System\aRKFvSB.exe
2⤵
PID:9300

C:\Windows\System\jBGnzRj.exe
C:\Windows\System\jBGnzRj.exe
2⤵
PID:9316

C:\Windows\System\ktVFBfp.exe
C:\Windows\System\ktVFBfp.exe
2⤵
PID:9332

C:\Windows\System\yfKypiw.exe
C:\Windows\System\yfKypiw.exe
2⤵
PID:9348

C:\Windows\System\gtVoZrN.exe
C:\Windows\System\gtVoZrN.exe
2⤵
PID:9364

C:\Windows\System\CEIKkWJ.exe
C:\Windows\System\CEIKkWJ.exe
2⤵
PID:9380

C:\Windows\System\eRfDYfz.exe
C:\Windows\System\eRfDYfz.exe
2⤵
PID:9396

C:\Windows\System\cSConzm.exe
C:\Windows\System\cSConzm.exe
2⤵
PID:9412

C:\Windows\System\Vpwawiw.exe
C:\Windows\System\Vpwawiw.exe
2⤵
PID:9428

C:\Windows\System\DCPyxYh.exe
C:\Windows\System\DCPyxYh.exe
2⤵
PID:9444

C:\Windows\System\XLPckjK.exe
C:\Windows\System\XLPckjK.exe
2⤵
PID:9460

C:\Windows\System\JIfGGdp.exe
C:\Windows\System\JIfGGdp.exe
2⤵
PID:9476

C:\Windows\System\HHDCyIy.exe
C:\Windows\System\HHDCyIy.exe
2⤵
PID:9492

C:\Windows\System\QNKHNEt.exe
C:\Windows\System\QNKHNEt.exe
2⤵
PID:9508

C:\Windows\System\IaUSXTK.exe
C:\Windows\System\IaUSXTK.exe
2⤵
PID:9524

C:\Windows\System\roDvfrK.exe
C:\Windows\System\roDvfrK.exe
2⤵
PID:9560

C:\Windows\System\IMXoIaK.exe
C:\Windows\System\IMXoIaK.exe
2⤵
PID:9652

C:\Windows\System\RaIhCsq.exe
C:\Windows\System\RaIhCsq.exe
2⤵
PID:9668

C:\Windows\System\fzRxhCx.exe
C:\Windows\System\fzRxhCx.exe
2⤵
PID:9692

C:\Windows\System\mTycnSs.exe
C:\Windows\System\mTycnSs.exe
2⤵
PID:9708

C:\Windows\System\MNKsQkj.exe
C:\Windows\System\MNKsQkj.exe
2⤵
PID:9728

C:\Windows\System\YsOnidR.exe
C:\Windows\System\YsOnidR.exe
2⤵
PID:9748

C:\Windows\System\DCXMnry.exe
C:\Windows\System\DCXMnry.exe
2⤵
PID:9772

C:\Windows\System\wNLxjnP.exe
C:\Windows\System\wNLxjnP.exe
2⤵
PID:9788

C:\Windows\System\ZStNvom.exe
C:\Windows\System\ZStNvom.exe
2⤵
PID:9804

C:\Windows\System\oxnuAhr.exe
C:\Windows\System\oxnuAhr.exe
2⤵
PID:9820

C:\Windows\System\fXcfVxx.exe
C:\Windows\System\fXcfVxx.exe
2⤵
PID:9836

C:\Windows\System\syixigp.exe
C:\Windows\System\syixigp.exe
2⤵
PID:9852

C:\Windows\System\yZpxXCF.exe
C:\Windows\System\yZpxXCF.exe
2⤵
PID:9868

C:\Windows\System\JKyzWYm.exe
C:\Windows\System\JKyzWYm.exe
2⤵
PID:9884

C:\Windows\System\TqqHifp.exe
C:\Windows\System\TqqHifp.exe
2⤵
PID:9904

C:\Windows\System\QQoVimN.exe
C:\Windows\System\QQoVimN.exe
2⤵
PID:9924

C:\Windows\System\boHgwNw.exe
C:\Windows\System\boHgwNw.exe
2⤵
PID:9944

C:\Windows\System\KwtHsbU.exe
C:\Windows\System\KwtHsbU.exe
2⤵
PID:9964

C:\Windows\System\hINBzDa.exe
C:\Windows\System\hINBzDa.exe
2⤵
PID:9980

C:\Windows\System\dOCSuAS.exe
C:\Windows\System\dOCSuAS.exe
2⤵
PID:9996

C:\Windows\System\WCpaZnF.exe
C:\Windows\System\WCpaZnF.exe
2⤵
PID:10012

C:\Windows\System\xOpVIjQ.exe
C:\Windows\System\xOpVIjQ.exe
2⤵
PID:10076

C:\Windows\System\XhQRFSQ.exe
C:\Windows\System\XhQRFSQ.exe
2⤵
PID:10096

C:\Windows\System\XFaGmRn.exe
C:\Windows\System\XFaGmRn.exe
2⤵
PID:10112

C:\Windows\System\NYHIJHD.exe
C:\Windows\System\NYHIJHD.exe
2⤵
PID:10132

C:\Windows\System\IrXletX.exe
C:\Windows\System\IrXletX.exe
2⤵
PID:10148

C:\Windows\System\mwlbWLb.exe
C:\Windows\System\mwlbWLb.exe
2⤵
PID:10164

C:\Windows\System\vKAUSiq.exe
C:\Windows\System\vKAUSiq.exe
2⤵
PID:10180

C:\Windows\System\sDEqvBW.exe
C:\Windows\System\sDEqvBW.exe
2⤵
PID:10196

C:\Windows\System\QMAPqTN.exe
C:\Windows\System\QMAPqTN.exe
2⤵
PID:10232

C:\Windows\System\HJYlSoD.exe
C:\Windows\System\HJYlSoD.exe
2⤵
PID:8324

C:\Windows\System\lljfYhH.exe
C:\Windows\System\lljfYhH.exe
2⤵
PID:8404

C:\Windows\System\AJeaMdx.exe
C:\Windows\System\AJeaMdx.exe
2⤵
PID:8436

C:\Windows\System\DwNbTUL.exe
C:\Windows\System\DwNbTUL.exe
2⤵
PID:8772

C:\Windows\System\qJlPtAb.exe
C:\Windows\System\qJlPtAb.exe
2⤵
PID:9280

C:\Windows\System\UXxOjxb.exe
C:\Windows\System\UXxOjxb.exe
2⤵
PID:9228

C:\Windows\System\ReqszLm.exe
C:\Windows\System\ReqszLm.exe
2⤵
PID:9408

C:\Windows\System\mNbCytF.exe
C:\Windows\System\mNbCytF.exe
2⤵
PID:9292

C:\Windows\System\ehJByfz.exe
C:\Windows\System\ehJByfz.exe
2⤵
PID:9252

C:\Windows\System\FWGxoQK.exe
C:\Windows\System\FWGxoQK.exe
2⤵
PID:8628

C:\Windows\System\uQAeFHD.exe
C:\Windows\System\uQAeFHD.exe
2⤵
PID:9392

C:\Windows\System\XOknAKg.exe
C:\Windows\System\XOknAKg.exe
2⤵
PID:9388

C:\Windows\System\NzLMaXB.exe
C:\Windows\System\NzLMaXB.exe
2⤵
PID:9340

C:\Windows\System\yqMejxY.exe
C:\Windows\System\yqMejxY.exe
2⤵
PID:9440

C:\Windows\System\CoevURw.exe
C:\Windows\System\CoevURw.exe
2⤵
PID:9484

C:\Windows\System\wraZiYw.exe
C:\Windows\System\wraZiYw.exe
2⤵
PID:9516

C:\Windows\System\ftSneTx.exe
C:\Windows\System\ftSneTx.exe
2⤵
PID:9544

C:\Windows\System\AlaQsnu.exe
C:\Windows\System\AlaQsnu.exe
2⤵
PID:9572

C:\Windows\System\GlJeMvZ.exe
C:\Windows\System\GlJeMvZ.exe
2⤵
PID:9612

C:\Windows\System\tqMQQjD.exe
C:\Windows\System\tqMQQjD.exe
2⤵
PID:9580

C:\Windows\System\JwfZwno.exe
C:\Windows\System\JwfZwno.exe
2⤵
PID:9608

C:\Windows\System\aoSitbK.exe
C:\Windows\System\aoSitbK.exe
2⤵
PID:9660

C:\Windows\System\LMfPcRc.exe
C:\Windows\System\LMfPcRc.exe
2⤵
PID:9680

C:\Windows\System\KXVxgSy.exe
C:\Windows\System\KXVxgSy.exe
2⤵
PID:9724

C:\Windows\System\qUiVOmU.exe
C:\Windows\System\qUiVOmU.exe
2⤵
PID:9744

C:\Windows\System\gdoGozT.exe
C:\Windows\System\gdoGozT.exe
2⤵
PID:9760

C:\Windows\System\YFHaEuj.exe
C:\Windows\System\YFHaEuj.exe
2⤵
PID:9796

C:\Windows\System\GdVGHmv.exe
C:\Windows\System\GdVGHmv.exe
2⤵
PID:9632

C:\Windows\System\yhXkCNp.exe
C:\Windows\System\yhXkCNp.exe
2⤵
PID:9972

C:\Windows\System\KyReijj.exe
C:\Windows\System\KyReijj.exe
2⤵
PID:9932

C:\Windows\System\AqvqIim.exe
C:\Windows\System\AqvqIim.exe
2⤵
PID:9992

C:\Windows\System\vzEmAox.exe
C:\Windows\System\vzEmAox.exe
2⤵
PID:9780

C:\Windows\System\LbIMPfx.exe
C:\Windows\System\LbIMPfx.exe
2⤵
PID:10084

C:\Windows\System\tFPoXNw.exe
C:\Windows\System\tFPoXNw.exe
2⤵
PID:9876

C:\Windows\System\mazFEPP.exe
C:\Windows\System\mazFEPP.exe
2⤵
PID:9952

C:\Windows\System\xAIFlpI.exe
C:\Windows\System\xAIFlpI.exe
2⤵
PID:10036

C:\Windows\System\daAXuQV.exe
C:\Windows\System\daAXuQV.exe
2⤵
PID:10052

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AxjZWzn.exe
Filesize
6.0MB

MD5
c90ecee1c8383711ec342f73f65e7350

SHA1
25f824b1a641c3a2199bcd3f103392e5c6fcebea

SHA256
8b6382a602c65c2257d8ec6af202d49cd6755b7e575298375eb568244648f213

SHA512
ec8478ffa6c65da57a52914edeebf1bf9ae26c757912a92960574e3451577c65ff53ae0ec4847cd7caac56ffbeb22a670ae31b6c37d6db45ab73892f2c531fe8

Download Submit
C:\Windows\system\BRQfsZU.exe
Filesize
6.0MB

MD5
9f1bf5be364fc871bb1093c0a10fdc64

SHA1
a131b0e0de80f853f6932214aa1e53240a27a169

SHA256
121663bf331a106632aab73eee0466e79609808c34c4fd5e76a039597d0a6e0e

SHA512
f4d3b7648b166a44f26d7383308644fad133659fc5b68a9233e51d62cba3c973e54902a51699ffecab0eace70fdb610eee88c224b2d6913023d87b0dc8053616

Download Submit
C:\Windows\system\CgOGUhx.exe
Filesize
6.0MB

MD5
6bdc9bc9c7abfd7e4f9de07252fc13c9

SHA1
2a0d9a15f63b1ff1e53555ac8183fba7cdba6a58

SHA256
42de124d44c43b4c5329c78f2e5ffe1fddbf769b1a3a944b708e5029493fa660

SHA512
95242c5886345e8ca90d649f6d6028a171e148f0c29323701d3114f1ecc7510c23b1e91b2149fc487777ce97a16f075e4eaae04294ce4ea337934291aa4065d4

Download Submit
C:\Windows\system\IzRflIP.exe
Filesize
6.0MB

MD5
8b43fe170c4e4eae3dd7d871319d5b38

SHA1
a221ae81c09a05fd6681b726f3631c3a96380ac2

SHA256
23557f6cea8823eeaf797bf2929e1423b8043a52d382782ad236ef538dcf1078

SHA512
0b8b7bfecc7a942c8f12329be763fadbf61852843b4e84cf853549d26402fa46bae1a4613d738ddaddf7f7b23621ee6a0f9252da0500e9ec251ea0d3fced2c0b

Download Submit
C:\Windows\system\JNuTLyu.exe
Filesize
6.0MB

MD5
a195c1cfb1ef82217fbbf00c1f77e08e

SHA1
47c34f87c5ba71758a6d735684012403a2677b36

SHA256
069e73af2bb83ccd8087e8c46ce910548ea143fbf0d70e775bc8272cfb8ed827

SHA512
13c6907ad2fb8d79e9726bc1312e2992b85c9763c0047822d145af4f2ed3ad9dda0383b549e5cc319c08de0ca201145b8a2fcf944f4aaf6aee0462b81e8bf658

Download Submit
C:\Windows\system\MgNMZQY.exe
Filesize
6.0MB

MD5
d25229eaebdc636bfa1d43bc718dc971

SHA1
ff41a1149916ea2af1d760ee14b6bd22c746f054

SHA256
b3b9aec7ad77bec87ce5e69b914fb6eccea5bc730d9599ea6f358ed696646ecd

SHA512
62461383e093fc03f8026b0669626794408804660ac22c2b2ba8b98d6f0b08b846f78cbbfcdec9e58be5ab1ec0ab8f322fe2c98f5c98e7568442ecb4da11aad7

Download Submit
C:\Windows\system\NLInwRz.exe
Filesize
6.0MB

MD5
0d4f9b735607f4a65b1c41428eda66b1

SHA1
9c78dd2b4e858e58ede30e0c76b581d9a99b9805

SHA256
1f818ea48efbfa45800bff546e0bbfa14828beca16c8295cc36f5c5c2f7c9784

SHA512
8cb2bd61ae4c0c238135edc820bebb07ef19592702323ae2bbf49842cc924bb1e9df9c9b0494614cdca4efd74c3bf3b6109995d1037d09f25b1a10237c6d60cf

Download Submit
C:\Windows\system\RzdoaJI.exe
Filesize
6.0MB

MD5
5523180346e3e115f3c6d1be243b2e0a

SHA1
e0ffd8b739372a3423fcce1c3959b0c4742f7829

SHA256
bbdfa674dca86daec44928ba5a22a204eda8beedf7c0e4a297dca57a3372756b

SHA512
38f6b45c7b62253f72e5f6162619f99d00a62cc36365a35808a4552b076f0174458f8872d970902eab26d841d3ac39b63bee6cc66c3dee689f5817e54c9d6f8e

Download Submit
C:\Windows\system\TFIMGqj.exe
Filesize
6.0MB

MD5
a735edc6eeaa73a4e01a0c3a28847e18

SHA1
79af8b3294b354a645715db9894a445319294e4e

SHA256
21f636c8d539f4f2b92af0750af7a4c3ce3d685ff6d8169648256f66d493396f

SHA512
971b91ae587f5fb0e93312a95c78b7284e66f12f3b33f5721b4931ff106209426a1f611846fccf133f82ad2cccad792b19b9863efa69d69fb5c605776c19a08b

Download Submit
C:\Windows\system\UBfVHuk.exe
Filesize
6.0MB

MD5
ca597c3a08ed32bc5311184562cb63a6

SHA1
52877fa3d9667d827895ca556fb6f90c041d40a9

SHA256
93c1cc76070d7a4160963b6c2ba847c82e66d2dd24693ff841f31c1d550fcabe

SHA512
a43c26badd26ab108171fe6f9770c6627efacbc200d64fb61f1718542038aa7793fe6fd997cdbb39bd80f2b0913dec5638fa26dddf34c290308bfc7881adbdaa

Download Submit
C:\Windows\system\VeWNsfC.exe
Filesize
6.0MB

MD5
74f24b7073d753385214473f620a1a7b

SHA1
6c39c0bb39813ef726f509cb884c15c872bc1a8b

SHA256
21b8aa7e71c41952c4f273d37fbe248a650989f159a718ea17fd224eb7b95954

SHA512
7af7457a3f7a3dcb7788d0ba74210affb19d8a6f880c633f2e8669e2fc9a98445354b0d8c9ffd2b7eb6c1115a64607d19aa10d879712c291f453708f06df3957

Download Submit
C:\Windows\system\VnzdUJK.exe
Filesize
6.0MB

MD5
46026b1af1eb283b0cb0a0420c31c685

SHA1
2464c63af96d023d0ccc0df82ecedd26ef4bd3b6

SHA256
70f372fa836841efc76d79c3aa23c7a36008a44775caf5723456b9f8db6bd3b6

SHA512
d8502e5f9ae1a75726e0db65062b2f88b7bf1e0e06a287566bbd8b44ccd8e93aeabb90539ce515dc60bbb489543e9dbe6eb51a9a34900468b929b60ffa98d7cd

Download Submit
C:\Windows\system\bSaLhvi.exe
Filesize
6.0MB

MD5
02c53f13acb59524084811813c759f0a

SHA1
88a964eff4b409861a833dbb6127e26b70263221

SHA256
cbc8ca065e8861bf014ebbd9e6c5203210a52e417245aef0aef11b8fc72fa455

SHA512
5dbfcf267934d7ff5bb7c3c8226fa8990f3a2ae4764267458b3dab2fb7ca3ac22067f7d5234ec8369061be335d726fc6fe98bcfafbf5ada92619069c940e0f0c

Download Submit
C:\Windows\system\eKHPFpA.exe
Filesize
6.0MB

MD5
cbb9bc45f18970dd71a5d94d3717d75e

SHA1
824d662d46a1768703819c03893089133740d886

SHA256
3f57f06f056d083b5d77bd301130eb395fe966ed3bb5013b872a797d3a360ef5

SHA512
16ce978e50ffd72cc44ad044152f27cabf4f5177fef5405eed69f77a6c5879a2efff964ce55032b87685feb58496c5736c4c14e3bba29c7344517420c95ae88f

Download Submit
C:\Windows\system\fMHgjDc.exe
Filesize
6.0MB

MD5
3e6fa30bc0a9626ad3461c7a30f4fe3a

SHA1
4f24c9afc00b7da596404dfefee38083cd6e538b

SHA256
f3bc975f31c853d0155eca96a1f12a42e09c0beb53aa4839dff13d5640247159

SHA512
5717311c857622640b169cb2efaf5434e7fa6b71f21e5b178229a56c79105736566d0d559b90b43ee61a504fd5b35a25c45e23fa1df17720f4af6dc3ff690000

Download Submit
C:\Windows\system\jZtCFmx.exe
Filesize
6.0MB

MD5
2a22b6c77e68899384d7ca31912cb6c5

SHA1
158258c6ee4f166fd3999d33487cccc022b53269

SHA256
c2e6c3f3fef48e350669256cca5caefa6c495de20674e91cead328275f07d822

SHA512
1e2a221503e263ab873c8f0670472cc60b153fdae543f342d66a7b8d8ecd658886771ff1d020f565d2b45b1a02010723e24fa2d10df5616eb928c27722ae4c34

Download Submit
C:\Windows\system\kixyDSz.exe
Filesize
6.0MB

MD5
0a5018ee106719c48436ee79708a8a72

SHA1
a08b8fc118dac06f8b5045922cc7c739b1a1c2b8

SHA256
570c268c8111d759ac72aadefa467182bff5d0e03125beee65b803894f51ee57

SHA512
31a02c7d70a9f2635ead09f2798c4e00ee8aa597fb2fdd00ce1015c20db772d071796d71d13a25c6b080a3e798a252c96c8b6c7aaa0572e8d80377079d027480

Download Submit
C:\Windows\system\lupQsct.exe
Filesize
6.0MB

MD5
139fd292976c74402994792b8263ed55

SHA1
df6387d3d7c30fdceeb3f7c58dd44e663088c2bc

SHA256
f4df91f6c736c3d226e05b6d01db1e8771bc01f89bbfc6f862f55fdcbe5c837c

SHA512
bfe09a8afbeb65ce05a3cd0724e812bfdf2943bfcdcc314421249d4199d7ede707138407371e2a70a55f60764ab78f89f66a45e0d923736a2be4478b7911add5

Download Submit
C:\Windows\system\mvIJbYM.exe
Filesize
6.0MB

MD5
da688e3e027a80b277764f00db4a5d0f

SHA1
79ad9c4c45557e73c403ec5303f72bc815e7d763

SHA256
777e01e6d2f57c841690877e9bca78589aec2aa33317a0f25e04496db736a94b

SHA512
b6798e97d0faf8956c878ba0a4d5246e9b97cfe82f19402269b68633ab0e3a2eac740249907f6f058689b4665de0713690e80ca1b6d27998d67daa41609e9289

Download Submit
C:\Windows\system\qHPaszy.exe
Filesize
6.0MB

MD5
2edfdbcfa8425435f028dcf7c44a7b5c

SHA1
75d4bdac4f8dc655436725a21aa49dbccd92d7eb

SHA256
a0020c4c280de6fe05c4c9e4b1cd2dff60646c23fc79bcb8223fde904f058f00

SHA512
78d32e7ca749fc1574cc973ae5cf6600091bac7eff8d2e145ff48356bd1438d0c61051dbfc33bb8ddabf132533abc4f0b56c8273b94f377296816c237c45ec74

Download Submit
C:\Windows\system\wXUiKoX.exe
Filesize
6.0MB

MD5
59649104997ea04ad362fc69f8aefe84

SHA1
e6d7842002b17f0a944bff849669ae9408c27d61

SHA256
2fe5f62cad78c5f27745d16c30aa5c42c6a7f2b2197c274b7a0c9d259ab64f64

SHA512
cb32919f241e75600148d409656a87878e5972a1fec1e0537b4dd9396a58530ae715c616a336c59847e725ca013bf50aaeb94496c63eaae51edc2a35ef8b3a77

Download Submit
C:\Windows\system\wZmXJLd.exe
Filesize
6.0MB

MD5
576afef81a7e237fa1a35376d941b259

SHA1
d024fcf8a8f51ba6285f8d9987ea8310dcef6819

SHA256
253eea9b00716b62fc66071d83723441e0765eff03f826b888772a3b48f9ebdb

SHA512
564131b0ad00520c3cbef6621d17fe48b9b3de53f922be37cc6e893608b3918216766495830b6140c11b7f77f2591b9b27076386bb5529aeb7bc72dfff01af69

Download Submit
\Windows\system\AJMmDDe.exe
Filesize
6.0MB

MD5
80bdca087d0303530350ab55e1c54605

SHA1
8db4c33cea23708b73bf2c3f1a7adc6d72b7abae

SHA256
b64ff167421dd137272e422806053701966c46b28be623cc779eaafe0e995a55

SHA512
99b94c0669b9635ed92fb9c9eb3ce36586d6f6e40df03e219107d077149d83d558f1c54f97a3464a12a0e3be6ddf2b7eafd8fa1298290ef73025602b4098dccb

Download Submit
\Windows\system\GBmYmPf.exe
Filesize
6.0MB

MD5
d9e183c5829637d6b23f8dae90ebed15

SHA1
898c28161ff72cfcceedb9fbba03d16e69e9b16b

SHA256
9d7e7cb71e1a7d269237c17e5910a993c59b6372c4fd43af2589e64ab1763055

SHA512
5f8a258873f2d9f5bb892cea68b263fe2859ff68bbe26c8332a9d9182a579d61ec461000f6f6cb74c113fa8de4718bc1ef678eb135f761ccb242bd93e12add15

Download Submit
\Windows\system\INSPioK.exe
Filesize
6.0MB

MD5
f99d781ec40057d2f1401c15f62ab552

SHA1
b40b1b7595dce4d019a9a66d9452b6da6a21dd2c

SHA256
73829b09724169d0aa0cf743dd2f7deef7049796b7f755480d2809d3f13b5d53

SHA512
32430b37d4f5fd0dc18061b798da70a66cca687f1ce87691aae93fa8d8962c0a756da37ee08acfa498bf451f89d877a9984a6960e58ccfbf6af816dca01ca013

Download Submit
\Windows\system\NIDGkaO.exe
Filesize
6.0MB

MD5
959f6db90b2629d276ea2f897f286029

SHA1
2f35f52943f141d43509f23062e9348280008ad2

SHA256
04be64157342dd7c253febe846094ab4a76fcd707dfc44a5440d0c6e1d832971

SHA512
bb6066e272a7d3e306b26a5142e50dea94f14bf1282d910e7a5b3f3725258a316d7bdc8b01f3835e722d81b34fbbbb8eb403b7eec8197584bda413be499aa0cc

Download Submit
\Windows\system\VUzdySA.exe
Filesize
6.0MB

MD5
fb15b0b91c3f75ebbb6685b643e0823d

SHA1
663b4e1f78205fe30cc13b22fa32c1c8492ce977

SHA256
8d932dfb0b855979141ad48d3c9eb37c962dfd7a01d5ba702f0020675b0ce45e

SHA512
ba42ad6814a5ff5e6ef4ae5019276c87ff199596a7ac3b327a4acb74ef78dbb0adc5055a4c04a1bacc97b7afc34442d8f80e2efcaeb383043664c7e7055b4ed0

Download Submit
\Windows\system\dcSZclH.exe
Filesize
6.0MB

MD5
b8f6038e7e5da82af86a8b3d99a19668

SHA1
7acd97c079e4cf40dbdc94895ca091eb3ff568f0

SHA256
ed13349bd9f42d6039b36076f2af1c5b1f916859e4a791c8c51036efee365489

SHA512
144423941419e3e634d0ad72037522c668b6ff48c187afb9a0abb144a91f45ee20a50f722bcc0fb4f6ee7f3785cfea17ee2dd9c673048d0e07a1bb26ccd45aee

Download Submit
\Windows\system\jzCWpga.exe
Filesize
6.0MB

MD5
41a0a0a4be04c27ba20ccd1c60002cfc

SHA1
5d39418d00bee65673091b0639c2d58d890daa72

SHA256
a7fe2e62321fbda36fbd6e97486d704ec2c476897c444c4cc1f036fefde588e1

SHA512
c88125643739e1f169225a18c7642c2d985b15ea23c8c615deb1f38ad42499fef7393aa440a4c39e38f4d85681d7ccde5468e6ae9616c8fb55dc12083f90c015

Download Submit
\Windows\system\kRRySnm.exe
Filesize
6.0MB

MD5
ae4e21318752d653c1e031f92b817bc5

SHA1
fcbcc4dee8d731bd9a5f75ff88097a50afebc727

SHA256
1dd612cb11c8e0188e7b0d47a57e683a9def1d791c038457c619897728e2d82f

SHA512
41dfc467b71f130c38b5b3feb959fdc5ccc9be170be6d61fca208c594b8e86fbb9775c84573846f69438fc05bd486491469829c0a43abea5401445ad2dcbcfaa

Download Submit
\Windows\system\nFwxHPw.exe
Filesize
6.0MB

MD5
d63e343bba3cc843fa9e503c9183527b

SHA1
a8819808f4554127c83d850ad14e28a5ffcd4eba

SHA256
d36abcb25673da85b41e86e388fee65fe47b759402ad1af77e13dd2b4b6253fa

SHA512
c7d9b0184ec858804bbbd8c7ab6bc0b12c2c455418fa127cabb80d38112cdcac2cb8bdd5b44c40a16ec047c60e2705f99cfa71ad898da62bd9cd1d73194707fd

Download Submit
\Windows\system\rubeAQN.exe
Filesize
6.0MB

MD5
36df9a05b99d1e9ed0bb6b7185e526a6

SHA1
2643e4e92da2533cd5ba38e23554e1ab1c460916

SHA256
760e5b22476f3ecba93dbb7be7554d53f260bc2238678a137a68073918586f69

SHA512
6d61b450c25290886b178eac49dc4dd5c4f3744533705624a9b131b500089b9959596f6da7fa089b7a29fd1ae52e6a9899fabcb49bd71a56797b7bff3a349fc5

Download Submit
\Windows\system\tDEzGmk.exe
Filesize
6.0MB

MD5
76c4b8c9d3b217bd5b5960bcbb7cebfd

SHA1
7fcb0ca9d2b4e0960018f8b9e3c6637e04b329a0

SHA256
361888efd9af36f63190cddecc7329af328ea59dd98ca16a2fe6986e0d688ecb

SHA512
036fd85ac31f4cbcdf0cd2321719a8ec4687c5c86f4100a6732c80f06a03d347adcb499e4cca0c575898d7952951b4715a500d0499724e0ac3748a9b168bb604

Download Submit
\Windows\system\tEfmGVt.exe
Filesize
6.0MB

MD5
d8520433ad239a8e9096a0a7bac0826b

SHA1
fb6e1c23b39cfedf2cac4988b9d9fb661e5ed2d0

SHA256
3a40fac61bab8bb0d8b2563948952822c1fd6286313b028bfd40a3796539ff8b

SHA512
3991e5364edf608100da3ccb91d7b0a91dd47b58d72565ceac4ede336e796de4e31caa2ff9564a30488cb44243f2bc57ae0ae68872a857696c0f503f986e0fff

Download Submit
\Windows\system\tTLwdCn.exe
Filesize
6.0MB

MD5
e2a06c346172068c9949579fb38fb403

SHA1
2a13c96e773939a27bc535906e4fd7118714ed80

SHA256
eae4517c45e5144f29ed460ffbc9d2b6ed6d5abf8f156ae22c94e0e787e83346

SHA512
0c726eea08c4c54cf08296dc0021e7e4ff4f92d57a2e34966881b421a9cfa578b8919c5d0a2da70cf3972070438fa98ee8ddbdada64ecb2430d5fac8a54ea309

Download Submit
\Windows\system\wjxkQuf.exe
Filesize
6.0MB

MD5
3c12f2a9b1198cde0b31c7c79c77a380

SHA1
4e8c8a4d9845dc467abc0b6e3aab9e8dd13e5c0b

SHA256
ba247ffc0c0c875aa0bae5a7c6f541383c386d86013afaf741c4ee84ca12c9cf

SHA512
e4607ddb7d6c9f215f69c5f668b5848251affbefad382c79d822fad57479e0f89de8d35c7d46c0512d19c1b10aadfe909f270247487016bc8ba44a94e34919f6

Download Submit
\Windows\system\xPqhuwZ.exe
Filesize
6.0MB

MD5
7759ea06218576e4d0f1904cb4149549

SHA1
9b7c7a917faab361efbf259f85393158c760e651

SHA256
6f7cd4f8c862a70dc25850d0bf77ff771c1ee406f187fecd9883c7dc35de5572

SHA512
018b6e264f77e76d4c034bfd818e4eca2dba440d9485a86f17c422533f0fbea3774ece48495c0ee1023a7b62661de1e9d05f7699999907aa0d6c9f95528a5e5a

Download Submit
memory/1236-44-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-3666-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-95-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1876-3737-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1924-88-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1924-52-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1924-112-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-92-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1924-0-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-90-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1924-114-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1924-80-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-113-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-94-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1924-9-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1924-84-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1924-2963-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1924-2962-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1924-49-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1924-2695-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/1924-82-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-19-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1924-2430-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-26-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1936-3767-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2100-81-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3673-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-87-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-3686-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-89-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3729-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2424-3713-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-83-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-3698-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2492-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2576-85-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3684-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3693-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2612-109-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2616-107-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3670-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3728-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2676-93-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3688-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-86-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-20-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3770-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads